Chapter 6 Traffic Policy

as all traffic that would not meet these requirements will be blocked by the default "catch all" rule.

Other methods of Internet access limitations can be found in the Exceptions section (see below).

Note: The rules in these examples can also be used if WinRoute is deployed as a neutral router (no address translation); in that case, no translation is defined in the Translation entry.

1. Allow access to selected services only. In the Service entry of the translation rule, specify only those services that are to be allowed.

Figure 6.26 Internet connection sharing — only selected services are available

2. Limitations sorted by IP addresses. Access to particular services (or to any Internet service) will be allowed only from selected hosts. In the Source entry, define the group of IP addresses from which the Internet will be available. This group must be defined beforehand in Configuration → Definitions → Address Groups (see chapter 13.5).

Figure 6.27 Only selected IP address group(s) is/are allowed to connect to the Internet

Note: This type of rule should be used only if each user has his/her own host and the hosts have static IP addresses.

3. Limitations sorted by users. The firewall checks whether the connection comes from an authenticated host, and permits or denies the traffic accordingly.

Figure 6.28 Only selected user group(s) is/are allowed to connect to the Internet
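The three restriction types above, combined with the default "catch all" rule, can be modelled as a rule list with a trailing deny. The following Python sketch is an added illustration, not WinRoute code or its configuration format; it assumes first-match evaluation, and the `Conn`, `Rule` and `evaluate` helpers, rule names, addresses and user names are constructed for the example. It also shows why the note on IP-based rules matters: an address-based rule cannot tell which user is sitting at an allowed host.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Conn:
    src: str                      # source IP of the LAN host
    service: str                  # service name, e.g. "HTTP"
    user: Optional[str] = None    # user authenticated from that host, if any

@dataclass
class Rule:
    name: str
    action: str                       # "permit" or "deny"
    sources: Optional[list] = None    # address group (CIDR strings); None = any
    services: Optional[set] = None    # allowed services; None = any
    users: Optional[set] = None       # allowed users; None = no authentication needed

    def matches(self, c: Conn) -> bool:
        if self.sources is not None and not any(
                ip_address(c.src) in ip_network(n) for n in self.sources):
            return False
        if self.services is not None and c.service not in self.services:
            return False
        # An unauthenticated connection (user=None) never matches a user rule.
        if self.users is not None and c.user not in self.users:
            return False
        return True

CATCH_ALL = Rule("catch all", "deny")  # default rule: blocks everything else

def evaluate(rules, conn):
    """Return (action, rule name) of the first matching rule (model assumption)."""
    for rule in rules + [CATCH_ALL]:
        if rule.matches(conn):
            return rule.action, rule.name

# Constructed sample policies, one per numbered example above.
BY_SERVICE = [Rule("selected services", "permit", services={"HTTP", "HTTPS", "DNS"})]
BY_IP = [Rule("allowed hosts", "permit", sources=["192.168.1.10/32", "192.168.1.11/32"])]
BY_USER = [Rule("allowed users", "permit", users={"alice"})]

if __name__ == "__main__":
    bob_at_alices_pc = Conn("192.168.1.10", "HTTP", user="bob")
    print(evaluate(BY_IP, bob_at_alices_pc))    # address-based rule
    print(evaluate(BY_USER, bob_at_alices_pc))  # user-based rule
```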
