Daniel Roethlisberger <danielat_private> writes: >Unfortunately, though this is how it *should* work -- according to the >documentation you should be able to specify up to 4 filters delimited by >commas -- it does *not*. I was only able to get a single filter active at a >time. It works, but portions of the filter setup process are severely underdocumented. You need to be very careful about chaining rules together, so that the filter sets have to end with a "Check next rule" action for everthing but the last filter set. If you end with a Drop/Forward action, the filter does exactly that without checking further rules. In addition, the filter rules take effect as soon as you exit the individual filter edit menu, which means if you're making changes to multiple rules and adding new filter sets, you need to make the changes via the console port rather than telnet interface because at some point you either have to add a filter set which isn't configured yet or chain to a filter set which you haven't added yet, at which point your telnet session dies. (Neither of these are bugs, just gotchas which are obvious once you think about it). >I've notified ZyXEL by email, but got no response. They're hopeless, and Netgear (who OEM Zyxel stuff) are no better. I have an ICMP filtering bug (basically the filtering doesn't work) which I've been trying to bring to their attention for a month or two, I'll post the details here after one last attempt to contact them. Peter.
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 08:30:27 PDT