ZyXEL → Firewall and packet filtering

First off, sorry if this has been addressed in detail before. I tried a search but didn't find the answer.

I picked up a P334W to replace an old Netgear RT314 (I used to post a bit in the Netgear forums a while back but have been AWOL since).

I had a pretty good handle on the configuring the RT314 but the P334W adds the firewall. Just wondering how the packet filter interacts with the firewall. Is it a pre-filter? Post-filter? Does it somehow override the firewall rules?

For example, if my firewall is set to block WAN to LAN and the last rule in my filter set is set to forward on everything, does it:

- forward even if the firewall would normally block it?
- subject it to the firewall rulesets afterwards?

Also, is there any reason to muck with firewall rulesets in the CI? Is there a guide on this?

said by jiggles5:

---

For example, if my firewall is set to block WAN to LAN and the last rule in my filter set is set to forward on everything, does it:

- forward even if the firewall would normally block it?
- subject it to the firewall rulesets afterwards?

Also, is there any reason to muck with firewall rulesets in the CI? Is there a guide on this?

---

Assuming that you mean WAN_Input filter set, then the packet is subject to the firewall rules afterwards. The "config" commands allow you to change how the firewall responds. I use the "config" commands to eliminate logging to inbound broadcasts, for example.

To gain more insight into the relationship between the firewall and the packet filters, download the Zywall10W_3.62_UsersGuide and look at Appendix G, "The Big Picture".

Information about the "config" commands is given here:

»www.zyxel.com/support/su ··· 4_ci.htm

Thanks. That was just what I was looking for. Don't know why that diagram wasn't included in the P334W manual. Maybe they assume people buying the lower end products wouldn't be tweaking stuff as much.