27-16 Filter Configuration3317517-A Rev 00the IP packets. Generic and TCP/IP filter rules are discussed in more detail in the next section.When NAT (Network Address Translation) is enabled, the inside IP address and port number arereplaced on a connection-by-connection basis, which makes it impossible to know the exactaddress and port on the wire. Therefore, the Contivity 221 applies the protocol filters to the“native” IP address and port number before NAT for outgoing packets and after NAT forincoming packets. On the other hand, the generic, or device filters are applied to the raw packetsthat appear on the wire. They are applied at the point when the Contivity 221 is receiving andsending the packets; i.e. the interface. The interface can be an Ethernet port or any other hardwareport. The following diagram illustrates this.Figure 27-12 Protocol and Device Filter Sets27.5 Firewall Versus FiltersFirewall configuration is discussed in the firewall chapters of this manual. Further comparisonsare also made between filtering, NAT and the firewall.27.6 Applying a FilterThis section shows you where to apply the filter(s) after you design it (them). The Contivity 221already has filters to prevent NetBIOS traffic from triggering calls, and block incoming telnet,FTP and HTTP connections.If you do not activate the firewall, it is advisable to apply filters.