|
Router Config - Zyxel Parks 642/645 Prestige - Port blocking Tutorial by http://www.netforum.com.br
A filter for blocking the web service
Before configuring a filter, you need to know the following information:
1. The outbound packet type (protocol & port number)
2. The source IP address
Generally, the outbound packets for Web service could be as following:
a. HTTP packet, TCP (06) protocol with port number 80
b. DNS packet, TCP (06) protocol with port number 53 or
c. DNS packet, UDP (17) protocol with port number 53
For all workstation on the LAN, the source IP address will be 0.0.0.0. Otherwise, you have to enter an IP Address for the workstation you want to block. See the procedure for configuring this filter below.
- Create a filter set in Menu 21, e.g., set 1
-
Create three filter rules in Menu 21.1.1, Menu 21.1.2, Menu 21.1.3
- Rule 1- block the HTTP packet, TCP (06) protocol with port number 80
- Rule 2- block the DNS packet, TCP (06) protocol with port number 53
- Rule 3- block the DNS packet, UDP (17) protocol with port number 53
- Apply the filter set in menu 4
1. Create a filter set in Menu 21
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
------ ----------------- ------ -----------------
1 Web Request 7 _______________
2 8 _______________
3 9 _______________
4 10 _______________
5 11 _______________
6 _______________ 12 _______________
Enter Filter Set Number to Configure= 1
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
|
2. Rule one for (a). http packet, TCP(06)/Port number 80
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 80
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
|
3.Rule 2 for (b).DNS request, TCP(06)/Port number 53
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
|
4. Rule 3 for (c). DNS packet UDP(17)/Port number 53
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,2
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
|
5. After the three rules are completed, you will see the rule summary in Menu 21.
Menu 21.1 - Filter Rules Summary
# A Type Filter Rules M m n
- - ---- -------------------------------------- - - -
1 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=80 N D N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, DP=53 N D N
3 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0,DP=53 N D F
|
6. Apply the filter set to the 'Output Protocol Filter Set' in the remote node setup
|
