6-6 AcerRouter 700 Series User Guide
satisfied by this packet filtering feature.
Packet filtering is a security feature that allows you to selectively pass or throw away
data traffic between your local LAN and the wide area network (e.g., the Internet).
Specifically, it allows you to define either that:
-each and every IP packet is inspected to determine if it should be allowed
to be transmitted over a WAN interface, or alternatively,
-each and every IP packet is inspected to determine if it should be
disallowed from being transmitted over a WAN interface.
Due to the conflicting nature of allow and disallow, only one of the above two
choices can be made for each WAN interface. After the choice is made, you can
define selection rules to “select” which packets will be allowed (or disallowed).
Each selection rule consists of
-a set of local IP addresses/ports, plus
-a set of remote IP addresses/ports,
where IP addresses can be
-a single IP address,
-a range of IP addresses,
-a network address, or
-any IP address,
and port numbers can be
-a single port number,
-a range of port numbers, or
-any port number.
Therefore packet filtering simply defines sets of rules of what to allow or disallow
through a set of parameters as highlighted below:
remote devices with IP addresses/port numbers
are allowed (or disallowed) to communicate with
local devices with IP addresses/port numbers over
a WAN connection.
Examples of packet filtering requirements are:
1. “I want to block any outside user from being able to telnet into my web
server”.
2. “I want to disallow people in the manufacturing department to access the
Internet”.
The corresponding “translated” packet rules are:
1. remote devices with ANY IP address/port number are disallowed to
communicate with the local web server (identified by its IP address and the
HTTP port number) over my Internet connection.
2. remote devices with the range of IP addresses in the manufacturing
department and any port number are disallowed to communicate with any IP
address/port number over my Internet connection.
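The rule model described above (one allow-or-disallow choice per WAN interface, plus selection rules built from local and remote address/port sets), as an added example that is not code from the AcerRouter guide or its firmware. The function names, the string formats for ranges and networks, and all addresses are constructed for illustration. It assumes that unselected packets are dropped in allow mode and passed in disallow mode, and it places the manufacturing range on the local side.

```python
import ipaddress
from dataclasses import dataclass

ANY = None  # stands for "any IP address" / "any port number"

def addr_match(spec, ip):
    """spec: ANY, a single "a.b.c.d", a range "a.b.c.d-e.f.g.h", or a network "a.b.c.d/n"."""
    if spec is ANY:
        return True
    ip = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(s) for s in spec.split("-"))
        return lo <= ip <= hi
    if "/" in spec:
        return ip in ipaddress.ip_network(spec)
    return ip == ipaddress.ip_address(spec)

def port_match(spec, port):
    """spec: ANY, a single port (int), or an inclusive (low, high) range."""
    if spec is ANY:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return port == spec

@dataclass
class Rule:
    local_ip: object = ANY
    local_port: object = ANY
    remote_ip: object = ANY
    remote_port: object = ANY

    def selects(self, l_ip, l_port, r_ip, r_port):
        return (addr_match(self.local_ip, l_ip) and port_match(self.local_port, l_port)
                and addr_match(self.remote_ip, r_ip) and port_match(self.remote_port, r_port))

def wan_passes(mode, rules, l_ip, l_port, r_ip, r_port):
    """mode is the single choice made for the WAN interface: "allow" or "disallow"."""
    selected = any(r.selects(l_ip, l_port, r_ip, r_port) for r in rules)
    return selected if mode == "allow" else not selected

# Constructed sample: web server 192.168.1.10, manufacturing 192.168.1.100-150.
RULES = [
    Rule(local_ip="192.168.1.10", local_port=80),    # rule 1: web server + HTTP port
    Rule(local_ip="192.168.1.100-192.168.1.150"),    # rule 2: manufacturing range
]
```

The same rule list gives the opposite result when the interface mode is switched, which is why the mode should be confirmed before any rules are entered.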
Adding/Editing/Deleting a Packet Rule
To add a new packet rule or to edit an existing one, select IP Filter from the SMART