Chapter 11 Filter configuration 133BCM50e Integrated Router Configuration - AdvancedFilter Types and NATThere are two classes of filter rules, Generic Filter (Device) rules and protocolfilter (TCP/IP) rules. Generic filter rules act on the raw data that’s going throughbetween LAN and WAN. Protocol filter rules act on the IP packets. Generic andTCP/IP filter rules are discussed in more detail in the next section. When NAT(Network Address Translation) is enabled, the inside IP address and port numberare replaced on a connection-by-connection basis, which makes it impossible toknow the exact address and port on the wire. Therefore, the Business SecureRouter applies the protocol filters to the native IP address and port number beforeNAT for outgoing packets and after NAT for incoming packets. On the otherhand, the generic, or device filters are applied to the raw packets that appear onthe wire. They are applied at the point when the Business Secure Router isreceiving and sending the packets; for example. the interface. The interface can bean Ethernet port or any other hardware port, as illustrated in Figure 64.Figure 64 Protocol and Device Filter SetsFirewall Versus FiltersFirewall configuration is discussed in Chapter 10, “Introducing the firewall,” onpage 115 chapters of this manual. Further comparisons are also made betweenfiltering, NAT and the firewall.