Vigor2900 Series User’s Guide

75

Web Content Filter (for V models only)

We all know that the content on the Internet just like other types of media may be

inappropriate sometimes. As a responsible parent or employer, you should protect those in your

trust against the hazards. With Web filtering service of the Vigor router, you can protect your

business from common primary threats, such as productivity, legal liability, network and

security threats. For parents, you can protect your children from viewing adult websites or chat

rooms.

Once you have activated your Web Filtering service in Vigor router and chosen the categories of

website you wish to restrict, each URL address requested (e.g.www.bbc.co.uk) will be checked

against our server database, powered by SurfControl. The database covering over 70 languages

and 200 countries, over 1 billion Web pages divided into 40 easy-to-understand categories. This

database is updated as frequent as daily by a global team of Internet researchers. The server will

look up the URL and return a category to your router. Your Vigor router will then decide

whether to allow access to this site according to the categories you have selected. Please note

that this action will not introduce any delay in your Web surfing because each of multiple load

balanced database servers can handle millions of requests for categorization.

Choose

IP Filter/Firewall Setup

on the

Advanced Setup

group. Below shows the menu

items for Firewall.

To edit or add a filter, click on the set number to edit the individual set. The following page

will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit

each rule. Check

Active

to enable the rule.

Vigor2900 Series User’s Guide

76

Filter Rule

Click a button numbered (1 ~ 7) to edit the filter rule. Click the button

will open Edit Filter Rule web page. For the detailed information,

refer to the following page.

Active

Enable or disable the filter rule.

Comment

Enter filter set comments/description. Maximum length is

23–character long

Next Filter Set

Set the link to the next filter set to be executed after the current filter

run. Do not make a loop with many filter sets.

To edit

Filter Rule

, click the

Filter Rule

index button to enter the Filter Rule setup page.

Comments

Enter filter set comments/description. Maximum length is 14-

character long.

Check to enable the

Filter Rule

Check this box to enable the filter rule.

Vigor2900 Series User’s Guide

77

Pass or Block

Specifies the action to be taken when packets match the rule.

Block Immediately -

Packets matching the rule will be dropped

immediately.

Pass Immediately -

Packets matching the rule will be passed

immediately.

Block If No Further Match -

A packet matching the rule, and that

does not match further rules, will be dropped.

Pass If No Further Match -

A packet matching the rule, and that

does not match further rules, will be passed through.

Branch to other Filter

Set

If the packet matches the filter rule, the next filter rule will branch

to the specified filter set. Select next filter rule to branch from the

drop-down menu.

Only the item of

Block If No Further Match

or

Pass If No

Further Match

is selected as the

Pass or Block

action, the system

will continue for inspection according to the specified filter set.

Log

Check this box to enable the log function. Use the Telnet command

log-f

to view the logs.

Keep State

It is used for Data Filter only. Keep State is in the same nature of

modern term Stateful Packet Inspection. If enabled, this rule will be

added to State table when it is matched by a packet. When other

packets in the same session as the matched packet is applied to Data

Filer, they will be checked against the rules in State table first. If

matched, they can pass immediately without having to check any

rule in Data Filter. Only ICMP, TCP and UDP protocols can be

added to State table.

Direction

Set the direction of packet flow. It is for

Data Filter

only. For the

Call Filter

, this setting is neglected since

Call Filter

is only applied

to outgoing traffic.

IN -

Specify the rule of filtering incoming packets.

OUT -

Specify the rule of filtering outgoing packets.

Protocol

Specify the protocol(s) which this filter rule will apply to.

Fragments

Specify the action for fragmented packets. And it is used for

Data

Filter

only.

Vigor2900 Series User’s Guide

78

Don’t care -

No action will be taken towards fragmented packets.

Unfragmented -

Apply the rule to unfragmented packets.

Fragmented -

Apply the rule to fragmented packets.

Too Short -

Apply the rule only to packets that are too short to

contain a complete header.

IP Address

Specify a source and destination IP address for this filter rule to apply

to. Click

Edit

to open the following page and type in the IP address.

Operator, Start Port

and End Port

The operator column specifies the port number settings. If the

Start

Port

is empty, the

Start Port

and the

End Port

column will be

ignored. The filter rule will filter out any port number.

(=)

If the End Port is empty, the filter rule will set the port

number to be the value of the Start Port. Otherwise, the port

number ranges between the Start Port and the End Port (including

the Start Port and the End Port).

(!=)

If the End Port is empty, the port number is not equal to the

value of the Start Port. Otherwise, this port number is not between

the Start Port and the End Port (including the Start Port and End

Port).

(>)

Specify the port number is larger than the Start Port (includes

the Start Port).

(<)

Specify the port number is less than the Start Port (includes the

Start Port).

Time Schedule

To invoke the rules during specific periods, enter the number of the

scheduler predefined in

Call Schedule Setup

on the

Advanced

Setup group

.

Vigor2900 Series User’s Guide

79

Example of Restricting Unauthorized Internet Services

To set a simple example to restrict someone from accessing WWW services, we assume the IP

address of the access-restricted user is 192.168.1.10. The filter rule is created in the Data Filter

set and is shown as below.

3.7.2 General Setup

General Setup allows you to adjust settings of IP Filter and common options.

Here you can

enable or disable the

Call Filter

or

Data Filter

. Under some circumstance, your filter set can

be linked to work in a serial manner. So here you assign the

Start Filter Set

only. Also you

can configure the

Log Flag

settings,

Apply IP filter to VPN incoming packets

and

Accept

incoming fragmented UDP packets

.

Choose

IP Filter/Firewall Setup

on the

Advanced Setup

group and click the

IP Filter

General Setup

link.