ADSL2+ Router User’s Guide

5-5

5.4

Outbound IP Filter Configuration

Packet filtering is a basic security measure that should be used on any network that is exposed to a

security risk. A packet filter system examines data packets and scrutinizes them in order to control network

access. Filtering rules determine whether packets are passed through the Router from either side of the

gateway. The rules are created and controlled by the network administrator and can be precisely defined.

These rules are used to block access to the LAN from outside the network and/or to deny access to the WAN

from within the network. The Router uses filtering rules to examine data packet headers for specific

information. Packets passing through the Router that do not meet the criteria specified by the rule set are

dropped.

Effective implementation of packet filtering requires detailed knowledge of network services and

communication protocols. An overly complicated filtering scheme can adversely affect the Router’s

performance, while an inadequate set of rules may needlessly compromise security.

This Router has two fields to configure for filtering which are

Outbound

and

Inbound Filters.

Figure 5-5. Outbound IP Filter menu

This window will aid the use in configuring filters for IP addresses. This will deny specified LAN IP

addresses or specific ports associated with these LAN IP address from accessing the Internet. Well known

ports have already been previously set in the

IP Filters List

and can be modified by clicking their

corresponding edit icon, and simple adding an IP address to the configuration. To access this screen, click

the

Advanced

tab along the top of the configuration window and then the

Filters

tab to the left hand side.

Downloaded from

www.Manualslib.com

manuals search engine

C2-010 / C2-010-I ADSL2+ Router User’s Guide

5-6

Filter

Settings

Description

Src IP

Address

Select Any IP, Single IP,

or

IP Range

from the drop-down menu and then enter the

appropriate IP address or addresses that will be the source of packets this filter will act

upon.

Dest IP

Address

Select Any IP, Single IP,

or

IP Range

from the drop-down menu and then enter the

appropriate IP address or addresses that will be the destination of packets this filter will act

upon.

Source

Port

Select

Any Port, Single Port, Port Range,

or

Safe Range

. A port or range of ports that will be

used to connect to the Source IP address or addresses entered above.

If

Any Port

is

entered, all ports in this IP range will be acted upon by this filter.

Dest Port

Select

Any Port, Single Port, Port Range,

or

Safe Range

. A port or range of ports that will be

used to connect to the Destination IP address or addresses entered above.

If

Any Port

is

entered, all ports in this IP range will be acted upon by this filter.

Protocol

The protocol associated with this IP filter. The user may choose between

TCP, UDP

or

TCP;UDP

.

Action

Select between

Allow

or

Deny

.

Allow

will instruct the filter to allow packets that meet the

criteria entered above to cross the router, while

Deny

will instruct the router to drop any

packets that meet the above criteria.

It should be noted the

Allow

will create a much more

restrictive filter than the

Deny

setting.

5.5

Inbound IP Filter Configuration

This window will aid the use in configuring filters for IP addresses. This will deny specified LAN IP

addresses or specific ports associated with these LAN IP address from accessing the Internet. Well known

ports have already been previously set in the

IP Filters List

and can be modified by clicking their

corresponding edit icon, and simple adding an IP address to the configuration. To access this screen, click

the

Advanced

tab along the top of the configuration window and then the

Filters

tab to the left hand side.

Figure 5-6. Inbound IP Filter menu

Downloaded from

www.Manualslib.com

manuals search engine

ADSL2+ Router User’s Guide

5-7

Filter

Settings

Description

Src IP

Address

Select Any IP, Single IP,

or

IP Range

from the drop-down menu and then enter the

appropriate IP address or addresses that will be the source of packets this filter will act

upon.

Dest IP

Address

Select Any IP, Single IP,

or

IP Range

from the drop-down menu and then enter the

appropriate IP address or addresses that will be the destination of packets this filter will act

upon.

Source

Port

Select

Any Port, Single Port, Port Range,

or

Safe Range

. A port or range of ports that will be

used to connect to the Source IP address or addresses entered above.

If

Any Port

is

entered, all ports in this IP range will be acted upon by this filter.

Dest Port

Select

Any Port, Single Port, Port Range,

or

Safe Range

. A port or range of ports that will be

used to connect to the Destination IP address or addresses entered above.

If

Any Port

is

entered, all ports in this IP range will be acted upon by this filter.

Protocol

The protocol associated with this IP filter. The user may choose between

TCP, UDP

or

TCP;UDP

.

Action

Select between

Allow

or

Deny

.

Allow

will instruct the filter to allow packets that meet the

criteria entered above to cross the router, while

Deny

will instruct the router to drop any

packets that meet the above criteria.

It should be noted the

Allow

will create a much more

restrictive filter than the

Deny

setting.

Downloaded from

www.Manualslib.com

manuals search engine

C2-010 / C2-010-I ADSL2+ Router User’s Guide

5-8

5.6 Firewall

This Router comes equipped with a firewall. The

Firewall

configuration screen allows the Router to enforce

specific predefined policies intended to protect against certain common types of attacks. To configure the Router’s

firewall, click the

Advanced

tab at the top of the screen and then the

Firewall

tab to the left.

Figure 5-7. Firewall Configuration Menu

When DoS, Port Scan, or Service Filtering Protection is enabled, it will create a firewall policy to protect your

network against the following:

Dos Protection

Port Scan Protection

Service Filtering

SYN Flood check

ICMP Redirection

check

Nmap/FIN attack

URG/PSH attack

Xmas Tree Scan

Null Scan attack

SYN/RST attack

SYN/FIN Scan

Ping from WAN

Telnet from WAN

FTP from WAN

DNS from WAN

IKE from WAN

RIP from WAN

DHCP from WAN

A DoS "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate

users of a service from using that service. Examples include: attempts to "flood" a network, thereby

preventing legitimate network traffic, attempts to disrupt connections between two machines, thereby

preventing access to a service, attempts to prevent a particular individual from accessing a service, or,

attempts to disrupt service to a specific system or person.

Port scan protection is designed to block attempts to discover vulnerable ports or services that might be

exploited in an attack from the WAN.

Downloaded from

www.Manualslib.com

manuals search engine

ADSL2+ Router User’s Guide

The Service Filtering options allow you to block FTP, Telnet response, Pings, etc, from the external

network.

Check the category you want to block to enable filtering of that type of packet.

When you have selected the desired Firewall policies, click the

Apply

button to enforce the policies.

5-9

5.7 DMZ

Click on the DMZ menu button to display the DMZ menu. If your computer cannot run Internet

applications properly with the device, then you can enable this option to allow the computer accessing the

unrestricted Internet. Enter the IP address of the computer as a DMZ (Demilitarized Zone) host. Adding the

computer to the DMZ may expose it under insecurity risk; thus suggest not using this option unless no other

alternatives.

User can select to enable or disable the UPNP Settings and VPN Pass-Through in this page; the default

settings are both Enabled.

Figure 5-8. DMZ menu

Downloaded from

www.Manualslib.com

manuals search engine