Filter Example
A filter for blocking the NetBIOS packets
The NETBIOS packets contain port numbers and need to be blocked in this case. They are
port number 137, 138 and 139 with UDP or TCP protocol. In addition, the NETBIOS packet
used to look for a remote DNS server can also trigger the call. Therefore, the
filter rules should cover the above packets.
The packets which need to be blocked are as following. Please configure two filter sets
with 4 and 2 rules respectively based on the following packets in SMT menu 21.
Filter Set 1:
- Rule 1-Destination port number 137 with protocol number 6 (TCP)
- Rule 2-Destination port number 137 with protocol number 17 (UDP)
- Rule 3-Destination port number 138 with protocol number 6 (TCP)
- Rule 4-Destination port number 138 with protocol number 17 (UDP)
- Rule 5-Destination port number 139 with protocol number 6 (TCP)
- Rule 6-Destination port number 139 with protocol number 17 (UDP)
Filter Set 2:
- Rule 1-Source port number 137, Destination port number 53 with protocol number 6 (TCP)
- Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP)
Before starting to set the filter rules, please enter a name for each filter set in the
'Comments' field first.
Menu 21 - Filter Set Configuration
Filter
Filter
Set #
Comments
Set # Comments
------
-----------------
------ -----------------
1
NetBIOS_WAN
7 _______________
2
NetBIOS_LAN
8 _______________
3
_______________
9 _______________
4
_______________
10 _______________
5
_______________
11 _______________
6
_______________
12 _______________
Enter Filter Set Number to Configure= 1
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
|
- Configure the first filter set 'NetBIOS_WAN' by selecting the Filter Set number 1.
Rule 1-Destination port number 137 with protocol number 6 (TCP)
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel: |
Rule 2-Destination port number 137 with protocol number 17 (UDP)
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
|
Rule 3-Destination port number 138 with protocol number 6 (TCP)
Menu 21.1.3 - TCP/IP Filter Rule
Filter #: 1,3
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 138
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
|
Rule 4-Destination port number 138 with protocol number 17 (UDP)
Menu 21.1.4 - TCP/IP Filter Rule
Filter #: 1,4
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 138
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
|
Rule 5-Destination port number 139 with protocol number 6 (TCP)
Menu 21.1.5 - TCP/IP Filter Rule
Filter #: 1,5
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 139
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
|
Rule 6-Destination port number 139 with protocol number 17 (UDP)
Menu 21.1.6 - TCP/IP Filter Rule
Filter #: 1,6
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 139
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
|
After the first filter set is finished, you will see the complete rules summary as below.
Menu 21.2 - Filter
Rules Summary # A
Type
Filter Rules M m n
- - ---- --------------------------------------------- - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0,
DP=137 N D N
2 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,
DP=137 N D N
3 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0,
DP=138 N D N
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,
DP=138 N D N
5 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0,
DP=139 N D N
6 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,
DP=139 N D F
|
Apply the filter set 'NetBIOS_WAN' to the 'Protocol Filter' of the 'Call Filter Sets='
in the remote node setup 11.5 for taking active. You can enter to the menu 11.5 by
selecting the 'Edit Filter Sets=' in menu 11.1 to 'Yes'.
Menu 11.1 - Remote Node Profile Rem Node Name=
hinet
Route= IP
Active=
Yes
Bridge= No
Call Direction=
Outgoing Edit PPP
Options= No
Incoming:
Rem IP Addr= 0.0.0.0
Rem Login=
N/A
Edit IP/IPX/Bridge= No
Rem Password=
N/A
Telco Option:
Rem CLID=
N/A
Allocated Budget(min)= 0
Call Back=
N/A
Period(hr)= 0
Outgoing:
Transfer Type= 64K
My Login=
masterbc
Nailed-Up Connection= No
My Password=
********
Session Options:
Authen=
CHAP/PAP
Edit Filter Sets= Yes
Pri Phone #=
4125678
Idle Timeout(sec)= 300
Sec Phone #=
|
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters=
device filters=
Output Filter Sets:
protocol filters=
device filters=
Call Filter Sets:
protocol filters= 1
device filters=
|
- Configure the second filter set 'NetBIOS_LAN' by selecting the Filter Set number 2.
Rule 1-Source port number 137, Destination port number 53 with protocol number 6 (TCP)
Menu 21.2.1 - TCP/IP Filter Rule
Filter #: 2,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
|
Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP)
Menu 21.2.2 - TCP/IP Filter Rule
Filter #: 2,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 137
Port # Comp= Equal
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
|
After the first filter set is finished, you will see the complete rules summary as
below.
Menu 21.2 -
Filter Rules Summary # A
Type
Filter Rules M m n
- - ---- --------------------------------------------- - - -
1 Y IP Pr=6, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D N
2 Y IP Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53 N D F
|
Please apply this second filter set 'NetBIOS_LAN' in the 'protocol filters=' of the
'Input Filter Sets:' in the Menu 3 for blocking the packets from LAN.
Menu
3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters= 2
device filters=
Output Filter Sets:
protocol filters=
device filters=
|
All contents copyright © 1999 ZyXEL Communications Corporation.