Filter Example

A filter for blocking the FTP connections from WAN


The P-334WT supports the firmware and configuration files upload using FTP connections via LAN and WAN. So, it is possible that anyone can make a FTP connection over the Internet to your P-334WT. To prevent outside users from connecting to your P-334WT via FTP, you can configure a filter to block FTP connections from WAN.

Before configuring a filter, you need to know the following information:

  1. The inbound packet type (protocol & port number): In this case, it is TCP(06) protocol with port 20 or 21.
  2. The source IP address: In this case, we block all connections from outside so the source IP is 0.0.0.0.
  3. The destination IP address:  It is the P-334WT's IP address, but it is not available in SUA case since most WAN IP address is dynamically assigned by the ISP. So, we can only enter 0.0.0.0 as the destination IP in the filter rule. Once 0.0.0.0 is set as the destination IP, no FTP connections are allowed to reach the P-334WT nor the FTP server on the LAN. For the LAN-to-LAN connection, you enter the P-334WT's LAN IP as the destination IP in the filter rule. After the FTP filter is applied to the remote node, it only blocks the FTP connection to the P-334WT but still permits the FTP connection to the local FTP server.


All contents copyright © 2004 ZyXEL Communications Corporation.