D-Link DGL-4300 manual Configuring an Inbound Filter Rule

Using the Configuration Interface

Configuring an Inbound Filter Rule

When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a connection that originated from inside the router, or that corresponds to a Virtual Server, Gaming, or Special Application Rule, is ALLOWED by default.

When rules are configured, the router compares incoming data packets against the rules in the list. It is very important to understand that the router examines the rules one by one, in the order in which they appear in the Rule List, until it finds a match. The packet will then be either DENIED (dropped) or ALLOWED. Once a match has been made, no further rules are examined for that packet. If no rule matches the data packet, it is ALLOWED. This means that allowing only a specific subset of traffic usually requires more than one rule.

Example:

You have configured a game server, using the Advanced > Gaming page, to play HALO: Combat Evolved with some friends. You would like to limit the access to your network and server to specific times of the day and only to your friends.

Next you would define a schedule on the Tools > Schedule page, called Gametime, which specifies a schedule of Friday and Saturday between 7PM and 11PM.

All of your friends use the same service provider and have IP addresses 67.150.220.117, 67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one of these addresses individually or you may just decide that using an IP range that covers all of them is sufficient for your needs.

The first rule is to configure a DENY rule that will catch all of the traffic that arrives on these ports but does not match data from the sources you want to have access to your network. It is important to enter the DENY rule first since all subsequent rules will be added higher in the list and will be checked first. It should look similar to the figure on the right.

Notice that it covers all Source IP Addresses, Source Ports, and Times (Always), but is specifically tied to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally block traffic for other applications. It is a good idea to turn on the log for this rule so that you can check the log for anything that is filtered inappropriately.

Next configure the ALLOW rules. In the example on the right, two rules are used to cover the three IP addresses.
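The first-match evaluation described above, modelled as an added example (not D-Link firmware code or part of the manual) so the effect of rule order and the default ALLOW can be checked before relying on the rule list. The port range 2302-2303 and the way the two ALLOW ranges are split are assumptions, since the manual's figure is not reproduced here.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Address as IP

# Assumptions (not from the manual): the public port range and the split of
# the two ALLOW ranges; the manual's figure is not reproduced on the page.
GAME_PORTS = (2302, 2303)
ANY_IP = (IP("0.0.0.0"), IP("255.255.255.255"))

def always(when):
    return True

def gametime(when):
    # Schedule "Gametime": Friday and Saturday between 7PM and 11PM.
    return when.weekday() in (4, 5) and 19 <= when.hour < 23

@dataclass
class Rule:
    name: str
    action: str              # "ALLOW" or "DENY"
    src: tuple               # inclusive (low, high) source IP range
    ports: tuple             # inclusive (low, high) public port range
    schedule: object = always

    def matches(self, src_ip, port, when):
        return (self.src[0] <= IP(src_ip) <= self.src[1]
                and self.ports[0] <= port <= self.ports[1]
                and self.schedule(when))

def evaluate(rules, src_ip, port, when):
    """First match wins; a packet that matches no rule is ALLOWED."""
    for rule in rules:
        if rule.matches(src_ip, port, when):
            return rule.action, rule.name
    return "ALLOW", "default"

deny_rest = Rule("deny-rest", "DENY", ANY_IP, GAME_PORTS)
allow_a = Rule("friend-a", "ALLOW", (IP("67.150.220.117"),) * 2, GAME_PORTS, gametime)
allow_b = Rule("friends-b", "ALLOW", (IP("67.150.231.43"), IP("67.150.231.75")), GAME_PORTS, gametime)

RULES = [allow_a, allow_b, deny_rest]        # ALLOW rules above the catch-all DENY
MISORDERED = [deny_rest, allow_a, allow_b]   # DENY matches first; ALLOWs never run

FRIDAY_8PM = datetime(2024, 1, 5, 20, 0)     # constructed sample times
MONDAY_8PM = datetime(2024, 1, 8, 20, 0)

if __name__ == "__main__":
    for ip, port in [("67.150.231.43", 2302), ("67.150.231.60", 2302), ("203.0.113.9", 8080)]:
        print(ip, port, evaluate(RULES, ip, port, FRIDAY_8PM))
```

The range rule also admits addresses that lie between the two friends, such as 67.150.231.60, which is the trade-off of choosing a range over individual rules. An "ALLOW" result here means only that the inbound filter does not drop the packet.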

D-Link Systems, Inc.
