Chapter 10

Configuring Filters

This chapter provides information about configuring and using filters for your Model RT311 or RT314 Internet Access Gateway Router.

Filters are used to block certain packets, reduce traffic, and prevent security breaches. The router uses packet filters to determine whether to allow or deny passage of each data packet, based on information found in the packet. A filter is defined by rules declaring what information is to be checked and what action is to be taken (forward or discard) when a match is found. Two types of packet filters are supported by the router: IP protocol filters and generic or “device” filters. An IP protocol filter screens the packet based on IP address and port information contained in the packet. A generic filter looks for a specified pattern of bits at a specified location in the packet.

In the configuration of IP filters, it is necessary to specify ports and protocols by their assigned numbers instead of names. A comprehensive list of protocol and port numbers for common IP traffic can be found in IETF RFC1700, “Assigned Numbers.” Many common port numbers are also listed on any Windows PC in a file called \windows\services.

The Model RT311 and RT314 routers allow you to customize filter sets according to your needs. The following sections describe how to configure the filter sets for your router.

Router Filter Structure

You can configure up to 12 filter sets, each with up to six rules. For IP packets, these rules involve comparing the protocol type of a data packet (for example, TCP, UDP), source or destination address, or port number. Also, a generic filter may be defined to merely test for a byte or pattern of bytes in a particular location in the packet. When a rule is met (or not met), a user-specified action is taken. This action may be to forward the packet, drop the packet, or go to the next rule.
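The rule evaluation described above can be modelled in a few lines of Python. This is an added example, not NETGEAR firmware or code from the manual. The field names, the byte mask on the generic rule, the packet dictionaries, and the forward result when no rule decides are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

FORWARD, DROP, NEXT = "forward", "drop", "next"
MAX_RULES_PER_SET = 6  # limit stated in the manual

@dataclass
class IPRule:  # field names are hypothetical, not the router's menu labels
    protocol: Optional[int] = None  # assigned protocol number: 6 = TCP, 17 = UDP
    src_net: Optional[str] = None
    dst_port: Optional[int] = None
    on_match: str = DROP
    on_no_match: str = NEXT

    def matches(self, pkt: dict) -> bool:
        return ((self.protocol is None or pkt.get("proto") == self.protocol)
                and (self.src_net is None
                     or ip_address(pkt["src"]) in ip_network(self.src_net))
                and (self.dst_port is None or pkt.get("dport") == self.dst_port))

@dataclass
class GenericRule:  # tests masked bytes at a fixed offset in the raw packet
    offset: int
    pattern: bytes
    mask: bytes  # assumption: bits set in the mask are the bits compared
    on_match: str = DROP
    on_no_match: str = NEXT

    def matches(self, pkt: dict) -> bool:
        window = pkt.get("raw", b"")[self.offset:self.offset + len(self.pattern)]
        return len(window) == len(self.pattern) and all(
            (w & m) == (p & m) for w, p, m in zip(window, self.pattern, self.mask))

def evaluate(filter_set: list, pkt: dict) -> str:
    if len(filter_set) > MAX_RULES_PER_SET:
        raise ValueError("a filter set holds at most six rules")
    for rule in filter_set:
        # Each rule carries one action for a match and one for a non-match.
        action = rule.on_match if rule.matches(pkt) else rule.on_no_match
        if action != NEXT:
            return action
    return FORWARD  # assumption: a packet no rule decides is forwarded

# Constructed sample set: drop Telnet (TCP 23), then forward only LAN sources.
LAN_OUT = [IPRule(protocol=6, dst_port=23),
           IPRule(src_net="192.168.0.0/24", on_match=FORWARD, on_no_match=DROP)]
# Constructed generic set: drop frames whose bytes 12-13 are 0x8137 (IPX EtherType).
NO_IPX = [GenericRule(offset=12, pattern=b"\x81\x37", mask=b"\xff\xff")]
```

The second rule in LAN_OUT shows why the not-met action matters: a packet whose source address is outside the LAN range is dropped precisely because the rule did not match.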
