Filter Example

A filter for blocking the NetBIOS packets


The NETBIOS packets contain port numbers and need to be blocked in this case. They are port number 137, 138 and 139 with UDP or TCP protocol. In addition, the NETBIOS packet used to look for a remote DNS server can also trigger the call.  Therefore, the filter rules should cover the above packets.

The packets which need to be blocked are as following. Please configure two filter sets with 4 and 2 rules respectively based on the following packets in SMT menu 21.

Filter Set 1:

Filter Set 2:

Before starting to set the filter rules, please enter a name for each filter set in the 'Comments' field first.  


                       Menu 21 - Filter Set Configuration

     Filter                               Filter
     Set #      Comments                  Set #        Comments
     ------  -----------------            ------  -----------------
       1      NetBIOS_WAN                   7      _______________
       2      NetBIOS_LAN                   8      _______________
       3      _______________               9      _______________
       4      _______________              10      _______________
       5      _______________              11      _______________
       6      _______________              12      _______________
 

                    Enter Filter Set Number to Configure= 1
                    Edit Comments=
                    Press ENTER to Confirm or ESC to Cancel:
 

Rule 1-Destination port number 137 with protocol number 6 (TCP)


                         Menu 21.1.1 - TCP/IP Filter Rule

                    Filter #: 1,1
                    Filter Type= TCP/IP Filter Rule
                    Active= Yes
                    IP Protocol= 6     IP Source Route= No
                    Destination: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 137
                                 Port # Comp= Equal
                         Source: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 0
                                 Port # Comp= None
                   TCP Estab= No
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Check Next Rule

                    Press ENTER to Confirm or ESC to Cancel:


Rule 2-Destination port number 137 with protocol number 17 (UDP)


                         Menu 21.1.2 - TCP/IP Filter Rule

                    Filter #: 1,2
                    Filter Type= TCP/IP Filter Rule
                    Active= Yes
                    IP Protocol= 17    IP Source Route= No
                    Destination: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 137
                                 Port # Comp= Equal
                         Source: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 0
                                 Port # Comp= None
                    TCP Estab= N/A
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Check Next Rule

                    Press ENTER to Confirm or ESC to Cancel:
 


Rule 3-Destination port number 138 with protocol number 6 (TCP)


                         Menu 21.1.3 - TCP/IP Filter Rule

                    Filter #: 1,3
                    Filter Type= TCP/IP Filter Rule
                    Active= Yes
                    IP Protocol= 6     IP Source Route= No
                    Destination: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 138
                                 Port # Comp= Equal
                         Source: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 0
                                 Port # Comp= None
                    TCP Estab= No
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Check Next Rule

                    Press ENTER to Confirm or ESC to Cancel:
 

Rule 4-Destination port number 138 with protocol number 17 (UDP)


                         Menu 21.1.4 - TCP/IP Filter Rule

                    Filter #: 1,4
                    Filter Type= TCP/IP Filter Rule
                    Active= Yes
                    IP Protocol= 17    IP Source Route= No
                    Destination: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 138
                                 Port # Comp= Equal
                         Source: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 0
                                 Port # Comp= None
                    TCP Estab= N/A
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Check Next Rule

                    Press ENTER to Confirm or ESC to Cancel:
 


Rule 5-Destination port number 139 with protocol number 6 (TCP)


                         Menu 21.1.5 - TCP/IP Filter Rule

                    Filter #: 1,5
                    Filter Type= TCP/IP Filter Rule
                    Active= Yes
                    IP Protocol= 6     IP Source Route= No
                    Destination: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 139
                                 Port # Comp= Equal
                         Source: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 0
                                 Port # Comp= None
                    TCP Estab= No
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Check Next Rule

                    Press ENTER to Confirm or ESC to Cancel:
 


Rule 6-Destination port number 139 with protocol number 17 (UDP)


                         Menu 21.1.6 - TCP/IP Filter Rule

                    Filter #: 1,6
                    Filter Type= TCP/IP Filter Rule
                    Active= Yes
                    IP Protocol= 17    IP Source Route= No
                    Destination: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 139
                                 Port # Comp= Equal
                         Source: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 0
                                 Port # Comp= None
                    TCP Estab= N/A
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Forward

                    Press ENTER to Confirm or ESC to Cancel:
 

 


After the first filter set is finished, you will see the complete rules summary as below.


            Menu 21.2 - Filter Rules Summary

# A Type                       Filter Rules             M m n
 - - ---- --------------------------------------------- - - -
 1 Y IP   Pr=6,  SA=0.0.0.0, DA=0.0.0.0, DP=137         N D N
 2 Y IP   Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137         N D N
 3 Y IP   Pr=6,  SA=0.0.0.0, DA=0.0.0.0, DP=138         N D N
 4 Y IP   Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=138         N D N
 5 Y IP   Pr=6,  SA=0.0.0.0, DA=0.0.0.0, DP=139         N D N
 6 Y IP   Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=139         N D F

 

 

Apply the filter set 'NetBIOS_WAN' to the 'Protocol Filter' of the 'Call Filter Sets=' in the remote node setup 11.5 for taking active.  You can enter to the menu 11.5 by selecting the 'Edit Filter Sets=' in menu 11.1 to 'Yes'.


                 Menu 11.1 - Remote Node Profile

     Rem Node Name= hinet                 Route= IP
     Active= Yes                          Bridge= No

     Call Direction= Outgoing             Edit PPP Options= No
     Incoming:                            Rem IP Addr= 0.0.0.0
       Rem Login= N/A                     Edit IP/IPX/Bridge= No
       Rem Password= N/A                  Telco Option:
       Rem CLID= N/A                       Allocated Budget(min)= 0
       Call Back= N/A                       Period(hr)= 0
     Outgoing:                            Transfer Type= 64K
       My Login= masterbc                Nailed-Up Connection= No
       My Password= ********              Session Options:
       Authen= CHAP/PAP                     Edit Filter Sets= Yes
       Pri Phone #= 4125678                 Idle Timeout(sec)= 300
       Sec Phone #=
 


 


                         Menu 11.5 - Remote Node Filter

                    Input Filter Sets:
                       protocol filters=
                         device filters=
                    Output Filter Sets:
                       protocol filters=
                         device filters=
                    Call Filter Sets:
                       protocol filters= 1
                         device filters=
 

 


Rule 1-Source port number 137, Destination port number 53 with protocol number 6 (TCP)


                         Menu 21.2.1 - TCP/IP Filter Rule

                    Filter #: 2,1
                    Filter Type= TCP/IP Filter Rule
                    Active= Yes
                    IP Protocol= 6     IP Source Route= No
                    Destination: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 53
                                 Port # Comp= Equal
                         Source: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 137
                                 Port # Comp= Equal
                    TCP Estab= No
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Check Next Rule

                    Press ENTER to Confirm or ESC to Cancel:
 


Rule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP)


                         Menu 21.2.2 - TCP/IP Filter Rule

                    Filter #: 2,2
                    Filter Type= TCP/IP Filter Rule
                    Active= Yes
                    IP Protocol= 17    IP Source Route= No
                    Destination: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 53
                                 Port # Comp= Equal
                         Source: IP Addr= 0.0.0.0
                                 IP Mask= 0.0.0.0
                                 Port #= 137
                                 Port # Comp= Equal
                    TCP Estab= N/A
                    More= No           Log= None
                    Action Matched= Drop
                    Action Not Matched= Forward

                    Press ENTER to Confirm or ESC to Cancel:
 

 

After the first filter set is finished, you will see the complete rules summary as below.


             Menu 21.2 - Filter Rules Summary

 # A Type                       Filter Rules            M m n
 - - ---- --------------------------------------------- - - -
 1 Y IP   Pr=6,  SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53  N D N
 2 Y IP   Pr=17, SA=0.0.0.0, SP=137, DA=0.0.0.0, DP=53  N D F
 

 

Please apply this second filter set 'NetBIOS_LAN' in the 'protocol filters=' of the 'Input Filter Sets:' in the Menu 3 for blocking the packets from LAN.


              Menu 3.1 - General Ethernet Setup

                    Input Filter Sets:
                       protocol filters= 2
                         device filters=
                    Output Filter Sets:
                       protocol filters=
                         device filters=

 


All contents copyright © 1999 ZyXEL Communications Corporation.