Cradlepoint IBR600 manual IP Filter Rules

CRADLEPOINT IBR600 USER MANUAL Firmware ver. 3.3.0

6.4.2IP Filter Rules

An "Incoming" IP filter rule restricts remote access to computers on your local network. "Outgoing" filter rules prevent computers on your local network from initiating communication to the address range specified in the rule.

This feature is especially useful when combined with

port forwarding and/or DMZ to restrict remote access to a specified host or network range. For example, in order to host a server you might have opened ports with a port forwarding rule that could expose your LAN to cyber attacks. With an incoming IP filter rule, you can restrict the access to your LAN to only known devices.

∙Name: Name your rule.

∙Direction: ―Incoming‖ or ―Outgoing‖

∙Action: ―Allow‖ or ―Deny‖

∙Start Port: Use for a single port or a range of ports.

∙End Port: Use for a single port or a range of ports.

∙Network Address

∙Subnet Mask

Use Start Port, End Port, Network Address, and Subnet Mask to specify the ports and addresses for which the rule applies. You can specify a range of ports or a single port (by inputting the same value in both port fields). Similarly, the subnet mask can be used to define either a range of addresses (i.e. 255.255.255.0) or a single address (255.255.255.255).

Example of an IP Filter Rule: Suppose you have opened a port in your firewall in order to run a server. Someone, Johnny, is abusing that opening, so you would like to restrict his access. Create a rule that will deny Johnny‘s IP address.

∙Name: No more Johnny

∙Direction: Incoming

∙Action: Deny