Rule Order, When the rule is ordered as ABC | NetComm NB712 manual

Rule Order

The order of the rules affects the ﬁltering result. The ﬁltering process will proceed from top to bottom, changing the order will give a different result. For example:

Rule	Source Address	Destination Address	Action
A	10.0.0.0	172.16.6.0	Permit
B	10.1.99.0	172.16.0.0	Deny
C	Any	Any	Deny

Where “0” at the last eight bits indicates “from 1 to 254”, “0” at any eight bits preceding “0”, “0.0” or “0.0.0” indicates “from 1 to 254”. On the other hand, “0” and all “0” successive with “0” represents any.

When the rule is ordered as ABC.

Index	Source Address	Destination Address	Action
1	10.1.99.1	172.16.1.1	Deny (B)
2	10.1.99.1	172.16.6.1	Permit (A)
3	10.1.1.1	172.16.6.1	Permit (A)
4	10.1.1.1	172.16.1.1	Deny (C)
5	192.168.3.4	172.16.6.1	Deny (C)

The rule order will permit 10.1.99.1 to access 172.16.6.1.

When the rule is ordered as BAC.

Index	Source Address	Destination Address	Action
1	10.1.99.1	172.16.1.1	Deny (B)
2	10.1.99.1	172.16.6.1	Deny (B)
3	10.1.1.1	172.16.6.1	Permit (A)
4	10.1.1.1	172.16.1.1	Deny (C)
5	192.168.3.4	172.16.6.1	Deny (C)

The rule order will deny 10.1.99.1 to access 172.6.6.1.

NB712 /	NB714 User Guide	55
YML829	Rev1

Image 55

NetComm NB712 manual Rule Order, 10.0.0.0 172.16.6.0 Permit 10.1.99.0 172.16.0.0 Deny Any, When the rule is ordered as ABC

Contents

Page Contents NB714 User Guide Package Contents FeaturesIntroduction Security SpeciﬁcationRouting Bridging WAN Interface IndicatorsATM QoS AAL5 Encapsulation Product Information ApplicationPhysical/Electrical Memory Firewall Packet Filtering Types of FirewallThere are three types of ﬁrewall Circuit Gateway Denial of Service AttackApplication Gateway UDP Flood Ping of deathSYN Flood Icmp Flood Frame Speciﬁcation Vlan Virtual Local Area Network VID uniquely identiﬁes the Vlan to which the frame belongs Applications Front Panel Getting to know the routerLED status LAN 1,2,3,4 Rear Panel Check the Ethernet Adapter in PC Connecting your G.SHDSL Modem RouterCheck the Terminal Access Program Determine Connection Setting Bridge EoA Route EoA IPoA PPPoA Port router with network topology Install the Shdsl RouterPPPoE Cross-over Ethernet cables can be used Conﬁguration via Web Browser Router, which will lose any previous conﬁguration System error or disconnection Basic SetupClick Basic for basic installation LAN Parameters Bridge ModeEnter Host Name Enter VPI Enter VCI Click LLC Click Next WAN1 Parameters Routing Mode Dhcp Client Click Next to setup WAN1 parametersLAN IP Type Subnet Mask Dhcp ServerIP type IP Address DNS Server Trigger Dhcp Service Relay Dhcp relay For more information, refer to the section on NAT/DMZ PPPoE or PPPoAAAL5 Encap Protocol Idle Time PasswordPassword Conﬁrm Username Eprom Gateway IPoA or EoA Eprom Advanced Setup Data Rate Annex TypeLink Type Data rate Reconnect for better line connection Shdsl SNR marginMargin range is from 0 to Margin, the better the line connection WAN PCR Peak Cell Rate in kbps QoS Quality of ServiceUBR Unspeciﬁed Bit Rate CBR Constant Bit Rate Bridge Eprom Vlan Packets Pvid Press Modify RIP ModeRoute Auto RIP Summary RIP Version Authentication requiredPoison Reverse NAT/DMZ Count Global Start IP Address Multi-DMZMulti-NAT Virtual Start IP Address Virtual Server Basic Firewall Security Firewall Automatic Firewall Security Connections and will be unresponsive Advanced Firewall SecurityClick Advanced Firewall Security and then press Finish SYN Attack Ping of death attack attempts to crash your system by Addresses originating from your network Dest. IP Address DirectionDescription Src. IP Address Filtering rule will be conﬁgured as follow Filtering Rule for Smtp connection Filtering Result Update Filtering Rule Rule Order When the rule is ordered as ABC10.0.0.0 172.16.6.0 Permit 10.1.99.0 172.16.0.0 Deny Any IP QoS NB714 User Guide Administration Security NB712 / NB714 User Guide MIB Snmp Community Snmp status Version Community Click on Time Sync Time Sync Time Server Sntp serviceTime Zone Utility System Info Lose all the conﬁgured parameters Restore ConﬁgurationBackup Conﬁguration 10.2 Conﬁg Tool Upgrade To logout the router, press logout Logout Restart You can monitor the following Status CO side LAN-to-LAN connection with bridge ModeLAN Parameters Enter VPI Enter VCI Encap WAN1 ParametersEnter IP 192.168.1.1 Enter Subnet Mask Enter Gateway 192.168.1.1 Enter Host Name Host Name Enter Soho CPE SideVCI32 EncapLLC IP Address 192.168.20.1 Subnet Mask 255.255.255.0 Host Name LAN to LAN Connection with Routing ModeDhcp Service Click Route and CO Side then press Next WAN Parameters Click Next to setup the IP parameters IP Address 192.168.10.1 Subnet Mask 255.255.255.0 Host Name Click Route and CPE Side then press Next 192.168.30.2 Baudrate 9600 Data Bits Parity Check Stop Bits Flow-control Useradmin PasswordSerial Console Telnet Operation Interface Window structure To choose another parameters Menu Driven Interface CommandsCtrl + C To quit the conﬁguring item Ctrl + Q For help Menu Tree 14.7 Conﬁguration Exit Quit system Ping Packet internet groper command AdminDone via utility command Utility Status Script ShowSystem Conﬁg Ping RebootAdministration Write User Proﬁle Edit Community Entry List Show Snmp Supervisor Password and ID Move the cursor to timeserver1 and press enter Move the cursor to service and press enterSntp Move the cursor to sntp and press enter Move the cursor to list and review the setting Mode SetupUtility Exit Shdsl 14.16.3 WAN After enter add menu, the screen will prompt as follow Bridge Move the cursor to vlan and press enter Vlan Follow the following steps to conﬁgure 802.11q Vlan 14.16.6 802.11Q VlanFor each VLAN, Vlan ID is a unique number among 1~4095 Screen will display the following Generic command can setup RIP mode and auto summery modeYou can review the list of RIP parameters via list command Route IP share 14.16.8 LAN You can conﬁgure NAT parameters in nat menu 14.16.10 NAT Mapping After key in enter, the screen will prompt as below 14.16.11 PAT Firewall You can enable the demilitarized zone via active commandﬁrewall security level can conﬁgure via level command 14.16.12 DMZ Active DoS Protection IPQoS Dhcp You can view the Dhcp conﬁguration via list command DNS proxy DefaultHost name 100Mbps Appendix a Cable InformationRJ-45 Network Ports 10Mbps Straight-Through Cabling Straight and crossover cable conﬁgurationCross-Over Cabling TxD Shdsl Line Connector Console CableNo connection RxD O Contact Information Appendix B Registration and Warranty Information Product Warranty