D-Link DGL-4300 manual Configuring an Inbound Filter Rule


Using the Configuration Interface

Configuring an Inbound Filter Rule

When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds either to a connection that originated from inside the router or to a Virtual Server, Gaming, or Special Application Rule is ALLOWED by default.

When rules are configured, the router compares incoming data packets against the rules in the list. It is very important to understand that the router examines each rule one by one, in the order that they are listed in the Rule List, until it finds a match. The packet will then be either DENIED (Dropped) or ALLOWED. Once a match has been made, no further rules will be examined for that packet. If no rules match the data packet, it is ALLOWED. This means that allowing only a specific subset of traffic usually requires more than one rule to be entered.

Example:

You have configured a game server, using the Advanced > Gaming page, to play HALO: Combat Evolved with some friends. You would like to limit the access to your network and server to specific times of the day and only to your friends.

Next you would define a schedule on the Tools > Schedule page, called Gametime, which specifies a schedule of Friday and Saturday between 7PM and 11PM.

All of your friends use the same service provider and have IP addresses 67.150.220.117, 67.150.231.43, and 67.150.231.75. You have the option of defining a set of rules to match each one of these addresses individually, or you may decide that using an IP range that covers all of them is sufficient for your needs.

The first step is to configure a DENY rule that will catch all of the traffic that arrives on these ports but does not come from the sources you want to have access to your network. It is important to enter the DENY rule first, since all subsequent rules will be added higher in the list and will be checked first. It should look similar to the figure on the right.

Notice that it covers all Source IP Addresses, Source Ports, and Times (Always), but is specifically tied to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally block traffic for other applications. It is a good idea to turn on the log for this rule so that you can check the log for anything that is filtered inappropriately.

Next configure the ALLOW rules. In the example on the right, two rules are used to cover the three IP addresses.
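The following is an added example, not part of the D-Link manual or firmware: a small Python model of the first-match evaluation described above, showing why the DENY rule must be entered first and what an IP range rule admits besides the intended addresses. The port number, the rule names, the split of the three addresses into one single-address rule and one range rule, and the use of the Gametime schedule on the ALLOW rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Address as IP
from typing import Callable

GAME_PORT = 2302  # placeholder; use the Public Ports from your Game Rule

def always(t): return True
def gametime(t):  # Friday/Saturday, 7PM to 11PM (datetime: Mon=0 ... Fri=4, Sat=5)
    return t.weekday() in (4, 5) and 19 <= t.hour < 23

@dataclass
class Rule:
    name: str              # hypothetical rule name
    action: str            # "ALLOW" or "DENY"
    lo: str                # first source IP in the range
    hi: str                # last source IP in the range
    schedule: Callable = always
    port: int = GAME_PORT

    def matches(self, src, port, when):
        return (IP(self.lo) <= IP(src) <= IP(self.hi)
                and port == self.port and self.schedule(when))

def evaluate(rules, src, port, when):
    """First match wins; a packet that matches no rule is ALLOWED."""
    for rule in rules:
        if rule.matches(src, port, when):
            return rule.action, rule.name
    return "ALLOW", "no rule matched"

def build(entry_order):
    """Each newly entered rule goes to the top of the list, as the manual says."""
    rules = []
    for rule in entry_order:
        rules.insert(0, rule)
    return rules

deny_all = Rule("deny-game-port", "DENY", "0.0.0.0", "255.255.255.255")
friend_a = Rule("friend-single", "ALLOW", "67.150.220.117", "67.150.220.117", gametime)
friend_bc = Rule("friend-range", "ALLOW", "67.150.231.43", "67.150.231.75", gametime)

good = build([deny_all, friend_a, friend_bc])   # DENY entered first, ends up last
bad = build([friend_a, friend_bc, deny_all])    # DENY entered last, ends up first

if __name__ == "__main__":
    fri = datetime(2024, 1, 5, 20, 0)           # constructed timestamp: a Friday, 8PM
    for src in ("67.150.231.43", "67.150.231.50", "203.0.113.9"):
        print(src, evaluate(good, src, GAME_PORT, fri), evaluate(bad, src, GAME_PORT, fri))
```

In this model the range rule also admits 67.150.231.50, an address that belongs to none of the three friends, which is the trade-off of choosing a range over individual rules.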


D-Link Systems, Inc.
