DSL-500G ADSL Router User’s Guide
Interface: The interface on the device on which the rule will take effect.
In Interface: The interface from which packets must have been forwarded to the interface specified in the previous selection. This option is valid only on rules defined for the outgoing direction.
Log Option: When Enabled is selected, a log entry will be created on the system each time this rule is invoked. The log entry will include the time of the violation, the source address of the computer responsible for the violation, the destination IP address, the protocol being used, the source and destination ports, and the number violations occuring the the previous x minutes. (Logging may be helpful when troubleshooting.) This information can also be
Security Level: The security level that must be enabled globally for this rule to take affect. A rule will be active only if its security level is the same as the globally configured setting (shown on the main IP Filter page). For example, if the rule is set to Medium and the global firewall level is set to Medium, then the rule will be active; but if the global firewall level is set to High or Low, then the rule will be inactive.
Black List Status: Specifies whether or not a violation of this rule will result in the offending computer's IP address being added to the Black List, which blocks the Router from forwarding packets from that source for a specified period of time.
Log Tag: A description of up to 16 characters to be recorded in the log in the event that a packet violates this rule. Be sure to set the Log Option to Enable if you configure a Log Tag.
Start/End Time: The time range during which this rule is to be in effect, specified in military units.
Src IP Address: IP address criteria for the source computer(s) from which the packet originates. In the
•any: any source IP address.
•lt: any source IP address that is numerically less than the specified address.
•lteq: any source IP address that is numerically less than or equal to the specified address.
•gt: any source IP address that is numerically greater than the specified address.
•eq: any source IP address that is numerically equal to the specified address.
•neq: any source IP address that is not equal to the specified address.
•range: any source IP address that is within the specified range, inclusive.
•out of range: any source IP address that is outside the specified range.
•self: the IP address of the Router interface on which this rule takes effect.
Dest IP Address: IP address rule criteria for the destination computer(s) (i.e., the IP address of the computer to which the packet is being sent). In addition to the options described for the Src IP Address field, the following option is available:
•bcast: specifies that the rule will be invoked for any packets sent to the broadcast address for the receiving interface. (The broadcast address is used to send packets to all hosts on the LAN or subnet connected to the specified interface.) When you select this option, you do not need to specify the address, so the address fields are dimmed.
Protocol: IP protocol criteria that must be met for rule to be invoked. You can specify that packets must contain the selected protocol (eq), that they must not contain the specified protocol (neq), or that the rule can be invoked regardless of the protocol (any). TCP, UDP, and ICMP are commonly used IP protocols; others can be identified by number, from
Store State: If this option is enabled, then stateful filtering is performed and the rule is also applied in the other direction on the given interface during an IP session.
Source Port: Port number criteria for the computer(s) from which the packet originates. This field will be dimmed (unavailable for entry) unless you have selected TCP or UDP as the protocol. See the description of Src IP Address for the selection options.
Dest Port: Port number criteria for the destination computer(s) (i.e., the port number of the type of computer to which the packet is being sent). This field will be dimmed (unavailable for entry) unless you have selected TCP or UDP as the protocol. See the description of Src IP Address for the selection options.
40
