Zilog EZ80F91GA User Manual

Page 44


ZGATE Configuration

UM024502-1012

32

ZGATE Embedded Security Development Kit
User Manual

BLACKLIST

If the filtering mode is set to NONE, ZGATE does not use the corresponding Filter_Type parameter when deciding if inbound packets should be filtered. If a particular Filter_Type is set to NONE, the ZGATE API, shell and web commands to add/remove entries from the Filter_Type static filtering list do nothing.

If Filter_Mode is either WHITELIST or BLACKLIST then for each inbound packet ZGATE will extract the Filter_Type field from the inbound packet (if applicable) and scan the corresponding Filter_Type static filtering list for a matching entry. The packet is then forwarded to ZTP for processing or discarded based on the filtering mode and whether a matching entry was found:

If Filter_Mode is BLACKLIST, then ZGATE discards the packet if a matching entry was found; otherwise the packet is routed to ZTP for processing.

If Filter_Mode is WHITELIST, then ZGATE only forwards the packet to ZTP if a matching entry was found; otherwise the packet is discarded.

The filtering mode (Filter_Mode) of all ZGATE Filter_Type filters cannot be changed at run time. There is no ZGATE API, shell command or web interface that will allow the operator to change a filter’s filtering mode.

Static Filtering Rules

Static filtering rules are used to populate one of the static filtering lists. The format of a
static filtering rules record is:

"R" <ConfigNumber> "," <Filter_Mode> "," <State> "," <List_Name> "," <List_Values>

In the above string, <ConfigNumber> is a monotonically increasing number assigned to the rule by the creator of the file. ZGATE does not use, examine or validate this value.

<Filter_Mode> must match the filtering mode specified in the corresponding static filter configuration record.

<State> is either ENABLED or DISABLED. ZGATE will only process the filtering rule if <State> is set to ENABLED; otherwise ZGATE ignores the rule.

<List_Name> must represent one of the following parameters:

ETH_ADDR. Defines static filtering list entries for the ETH_ADDR_FILTER.

ETH_FRAME. Defines static filtering list entries for the ETH_FRAME_FILTER.

IP_ADDR. Defines static filtering list entries for the IP_SRC_ADDR_FILTER.

IP_PROT. Defines static filtering list entries for the IP_PROTOCOL_FILTER.
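The record format and the per-filter forward/discard decision described above can be checked offline with a small parser; this is an added example, not code from the manual or the ZGATE API. All function and type names are hypothetical, the record is assumed to carry no whitespace between fields, <List_Values> is passed through unparsed because its syntax is not defined on this page, and rejecting a record whose <Filter_Mode> disagrees with the filter configuration is this example's choice.

```c
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; none of this is the ZGATE API. */
enum mode { MODE_NONE, MODE_WHITELIST, MODE_BLACKLIST };
enum verdict { RULE_LOAD, RULE_SKIP, RULE_BAD };
static const char *const MODES[] = { "NONE", "WHITELIST", "BLACKLIST" };
static const char *const LISTS[] = { "ETH_ADDR", "ETH_FRAME", "IP_ADDR", "IP_PROT" };

/* Per-filter decision: 1 = hand the packet to ZTP, 0 = discard it. */
int forward_to_ztp(enum mode m, int matched)
{
    if (m == MODE_BLACKLIST) return !matched;
    if (m == MODE_WHITELIST) return matched != 0;
    return 1;                         /* NONE: this filter is not consulted */
}

/* Parse one record; cfg[i] is the mode configured for LISTS[i]. On RULE_LOAD,
 * *list indexes LISTS and *values points at the unparsed <List_Values>. */
enum verdict parse_rule(const char *rec, const enum mode cfg[4],
                        int *list, const char **values)
{
    char mode[16], state[16], name[16];
    int n = 0, i;

    if (rec[0] != 'R') return RULE_BAD;
    rec += 1 + strspn(rec + 1, "0123456789");   /* ConfigNumber is not validated */
    if (sscanf(rec, ",%15[^,],%15[^,],%15[^,],%n", mode, state, name, &n) != 3 || n == 0)
        return RULE_BAD;                        /* a field or separator is missing */
    if (strcmp(state, "ENABLED") != 0) return RULE_SKIP;   /* rule is ignored */
    for (i = 0; i < 4; i++)
        if (strcmp(name, LISTS[i]) == 0) break;
    if (i == 4) return RULE_BAD;                /* unknown <List_Name> */
    if (strcmp(mode, MODES[cfg[i]]) != 0) return RULE_BAD; /* mode != filter config */
    *list = i;
    *values = rec + n;
    return RULE_LOAD;
}

int main(void)
{
    /* Constructed configuration and record; the address is a placeholder. */
    const enum mode cfg[4] = { MODE_NONE, MODE_NONE, MODE_BLACKLIST, MODE_WHITELIST };
    const char *vals = "";
    int list = -1;
    enum verdict v = parse_rule("R1,BLACKLIST,ENABLED,IP_ADDR,192.0.2.10", cfg, &list, &vals);

    printf("verdict=%d list=%d values=%s\n", (int)v, list, vals);
    printf("listed source forwarded? %d\n", forward_to_ztp(cfg[2], 1));
    return 0;
}
```

Running a rules file through a check like this before deployment surfaces mode mismatches and unknown list names early, which matters because the filtering mode cannot be changed at run time.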

Note:
