Page 81 / 173 Scroll up to view Page 76 - 80
Vigor2900 Series User’s Guide
75
Web Content Filter (for V models only)
We all know that the content on the Internet just like other types of media may be
inappropriate sometimes. As a responsible parent or employer, you should protect those in your
trust against the hazards. With Web filtering service of the Vigor router, you can protect your
business from common primary threats, such as productivity, legal liability, network and
security threats. For parents, you can protect your children from viewing adult websites or chat
rooms.
Once you have activated your Web Filtering service in Vigor router and chosen the categories of
website you wish to restrict, each URL address requested (e.g.www.bbc.co.uk) will be checked
against our server database, powered by SurfControl. The database covering over 70 languages
and 200 countries, over 1 billion Web pages divided into 40 easy-to-understand categories. This
database is updated as frequent as daily by a global team of Internet researchers. The server will
look up the URL and return a category to your router. Your Vigor router will then decide
whether to allow access to this site according to the categories you have selected. Please note
that this action will not introduce any delay in your Web surfing because each of multiple load
balanced database servers can handle millions of requests for categorization.
Choose
IP Filter/Firewall Setup
on the
Advanced Setup
group. Below shows the menu
items for Firewall.
To edit or add a filter, click on the set number to edit the individual set. The following page
will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit
each rule. Check
Active
to enable the rule.
Page 82 / 173
Vigor2900 Series User’s Guide
76
Filter Rule
Click a button numbered (1 ~ 7) to edit the filter rule. Click the button
will open Edit Filter Rule web page. For the detailed information,
refer to the following page.
Active
Enable or disable the filter rule.
Comment
Enter filter set comments/description. Maximum length is
23–character long
Next Filter Set
Set the link to the next filter set to be executed after the current filter
run. Do not make a loop with many filter sets.
To edit
Filter Rule
, click the
Filter Rule
index button to enter the Filter Rule setup page.
Comments
Enter filter set comments/description. Maximum length is 14-
character long.
Check to enable the
Filter Rule
Check this box to enable the filter rule.
Page 83 / 173
Vigor2900 Series User’s Guide
77
Pass or Block
Specifies the action to be taken when packets match the rule.
Block Immediately -
Packets matching the rule will be dropped
immediately.
Pass Immediately -
Packets matching the rule will be passed
immediately.
Block If No Further Match -
A packet matching the rule, and that
does not match further rules, will be dropped.
Pass If No Further Match -
A packet matching the rule, and that
does not match further rules, will be passed through.
Branch to other Filter
Set
If the packet matches the filter rule, the next filter rule will branch
to the specified filter set. Select next filter rule to branch from the
drop-down menu.
Only the item of
Block If No Further Match
or
Pass If No
Further Match
is selected as the
Pass or Block
action, the system
will continue for inspection according to the specified filter set.
Log
Check this box to enable the log function. Use the Telnet command
log-f
to view the logs.
Keep State
It is used for Data Filter only. Keep State is in the same nature of
modern term Stateful Packet Inspection. If enabled, this rule will be
added to State table when it is matched by a packet. When other
packets in the same session as the matched packet is applied to Data
Filer, they will be checked against the rules in State table first. If
matched, they can pass immediately without having to check any
rule in Data Filter. Only ICMP, TCP and UDP protocols can be
added to State table.
Direction
Set the direction of packet flow. It is for
Data Filter
only. For the
Call Filter
, this setting is neglected since
Call Filter
is only applied
to outgoing traffic.
IN -
Specify the rule of filtering incoming packets.
OUT -
Specify the rule of filtering outgoing packets.
Protocol
Specify the protocol(s) which this filter rule will apply to.
Fragments
Specify the action for fragmented packets. And it is used for
Data
Filter
only.
Page 84 / 173
Vigor2900 Series User’s Guide
78
Don’t care -
No action will be taken towards fragmented packets.
Unfragmented -
Apply the rule to unfragmented packets.
Fragmented -
Apply the rule to fragmented packets.
Too Short -
Apply the rule only to packets that are too short to
contain a complete header.
IP Address
Specify a source and destination IP address for this filter rule to apply
to. Click
Edit
to open the following page and type in the IP address.
Operator, Start Port
and End Port
The operator column specifies the port number settings. If the
Start
Port
is empty, the
Start Port
and the
End Port
column will be
ignored. The filter rule will filter out any port number.
(=)
If the End Port is empty, the filter rule will set the port
number to be the value of the Start Port. Otherwise, the port
number ranges between the Start Port and the End Port (including
the Start Port and the End Port).
(!=)
If the End Port is empty, the port number is not equal to the
value of the Start Port. Otherwise, this port number is not between
the Start Port and the End Port (including the Start Port and End
Port).
(>)
Specify the port number is larger than the Start Port (includes
the Start Port).
(<)
Specify the port number is less than the Start Port (includes the
Start Port).
Time Schedule
To invoke the rules during specific periods, enter the number of the
scheduler predefined in
Call Schedule Setup
on the
Advanced
Setup group
.
Page 85 / 173
Vigor2900 Series User’s Guide
79
Example of Restricting Unauthorized Internet Services
To set a simple example to restrict someone from accessing WWW services, we assume the IP
address of the access-restricted user is 192.168.1.10. The filter rule is created in the Data Filter
set and is shown as below.
3.7.2 General Setup
General Setup allows you to adjust settings of IP Filter and common options.
Here you can
enable or disable the
Call Filter
or
Data Filter
. Under some circumstance, your filter set can
be linked to work in a serial manner. So here you assign the
Start Filter Set
only. Also you
can configure the
Log Flag
settings,
Apply IP filter to VPN incoming packets
and
Accept
incoming fragmented UDP packets
.
Choose
IP Filter/Firewall Setup
on the
Advanced Setup
group and click the
IP Filter
General Setup
link.

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top