CRADLEPOINT MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010 CRADLEPOINT, INC.
PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES
5.5.2 Inbound Filter Rules List
This section lists the current Inbound Filter rules. Click the Enable check box at the left to directly activate or de-activate the entry. An entry can be changed by clicking the Edit icon or can be deleted by clicking the Delete icon. When you click the Edit icon, the item is highlighted, and the Inbound Filter Rules section is activated for editing.
[Figure: Inbound Filters Rule List section]
After you've completed all modifications or deletions, you must click the Save Settings button at the top of the page to save your changes. The router must reboot before new settings will take effect. You will be prompted to Reboot the Device or Continue. If you need to make additional settings changes, click Continue. If you are finished with all configuration settings, click the Reboot the Device button.
5.5.3 Configuring an Inbound Filter Rule
When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a connection that originated from inside the router, or that corresponds to a Virtual Server, Gaming, or Special Application Rule, is ALLOWED by default. When rules are configured, the router compares incoming data packets against the rules in the list. It is very important to understand that the router examines each rule one by one, in the order that they are listed in the Rule List, until it finds a match. The packet will either be DENIED (Dropped) or ALLOWED. Once a match has been made, no further rules will be examined for that packet. If no rules match the data packet, it is ALLOWED. This means that allowing only a specific subset of traffic usually requires more than one rule.
Example: You have configured a game server, using the Advanced → Gaming sub-menu, to play HALO: Combat Evolved with some friends. You would like to limit the access to your network and server to specific times of the day and only to your friends.
Next you would define a schedule on the Tools → Schedule sub-menu, called Game time, which specifies a schedule of Friday and Saturday between 7 PM and 11 PM. This example will assume all of your friends use the same service provider and have IP addresses 67.150.220.117, 67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one of these addresses individually or you may just decide that using an IP range that covers all of them is sufficient for your needs.
The first rule is to configure a DENY rule that will catch all of the traffic that arrives on these ports but does not match data from the sources you want to have access to your network. It is important to enter the DENY rule first since all subsequent rules will be added higher in the list and will be checked first. Notice that it covers all Source IP Address, Source Ports, and Times (Always), but is specifically tied to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally block traffic for other applications. It is a good idea to turn on the log for this rule so that you can check in the log for anything that is filtered inappropriately. Next configure the ALLOW rules.
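
The first-match evaluation described in 5.5.3, modelled as an added Python example (not taken from the manual or from CradlePoint firmware). The Rule class, evaluate(), build_rules() and the GAME_PORTS value are assumptions made for illustration; the friend addresses and the Game time schedule are the ones given above.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address
from typing import Callable

GAME_PORTS = range(40000, 40002)   # constructed placeholder for the Public Ports
FRIENDS = ["67.150.220.117", "67.150.231.43", "67.150.231.75"]  # from the manual

def always(when: datetime) -> bool:
    return True

def game_time(when: datetime) -> bool:
    # "Game time" schedule: Friday (4) and Saturday (5), 7 PM to 11 PM
    return when.weekday() in (4, 5) and 19 <= when.hour < 23

@dataclass
class Rule:
    action: str                     # "ALLOW" or "DENY"
    src_lo: str                     # start of source IP range
    src_hi: str                     # end of source IP range
    ports: range
    schedule: Callable[[datetime], bool] = always

    def matches(self, src: str, port: int, when: datetime) -> bool:
        in_range = ip_address(self.src_lo) <= ip_address(src) <= ip_address(self.src_hi)
        return in_range and port in self.ports and self.schedule(when)

def evaluate(rules, src, port, when):
    """First match wins; a packet that matches no rule is ALLOWED."""
    for rule in rules:
        if rule.matches(src, port, when):
            return rule.action
    return "ALLOW"

def build_rules():
    rules = []
    # Entered first, so it ends up at the bottom of the list
    rules.insert(0, Rule("DENY", "0.0.0.0", "255.255.255.255", GAME_PORTS))
    for ip in FRIENDS:              # each later rule is added higher in the list
        rules.insert(0, Rule("ALLOW", ip, ip, GAME_PORTS, game_time))
    return rules

if __name__ == "__main__":
    friday_8pm = datetime(2010, 1, 1, 20, 0)    # constructed test time (a Friday)
    rules = build_rules()
    for src, port in [("67.150.231.43", 40000), ("203.0.113.9", 40000), ("203.0.113.9", 80)]:
        print(src, port, evaluate(rules, src, port, friday_8pm))
```

Reversing the list (DENY on top) blocks the friends as well, and leaving the DENY rule out lets any source reach the game ports because unmatched packets are allowed.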