Page 41 / 82
Scroll up to view Page 36 - 40
41
addresses (4.3.2.1-4.3.2.254). An empty implies all IP addresses.
For source or destination port, you can define a single port (80) or a range of ports (1000-1999). Add
prefix "T" or "U" to specify TCP or UDP protocol. For example, T80, U53, U2000-2999. No prefix
indicates both TCP and UDP are defined. An empty implies all port addresses.
Packet Filter
can work
with
Scheduling Rules
, and give user more flexibility on Access control. For Detail, please refer to
Scheduling Rule
.
Each rule can be enabled or disabled individually.
Inbound Filter:
To enable
Inbound Packet Filter
click the check box next to
Enable
in the
Inbound Packet Filter
field.
Suppose you have SMTP Server (25), POP Server (110), Web Server (80), FTP Server (21), and News
Server (119) defined in Virtual Server or DMZ Host.
Example 1:
(1.2.3.100-1.2.3.149) They are allow to send mail (port 25), receive mail (port 110), and browse your
web server as above (port 80)
(1.2.3.10-1.2.3.20) They can do everything (block nothing)
Others are all blocked.
Page 42 / 82
42
Example 2:
(1.2.3.100-1.2.3.119) They can do everything except read net news (port 119) and transfer files via FTP
(port 21)
Others are all allowed.
After
Inbound Packet Filter
setting is configured, click the
save
button.
Page 43 / 82
43
Outbound Filter:
To enable
Outbound Packet Filter
click the check box next to
Enable
in the
Outbound Packet
Filter
field.
Example 1:
(192.168.123.100-192.168.123.149) They are allowed to send mail (port 25), receive mail (port 110),
and browse Internet (port 80); port 53 (DNS) is necessary to resolve the domain name.
(192.168.123.10-192.168.123.20) They can do everything (block nothing)
Others are all blocked.
Page 44 / 82
44
Example 2:
(192.168.123.100-192.168.123.119) They can do everything except read net news (port 119) and
transfer files via FTP (port 21)
Others are allowed
After
Outbound Packet Filter
setting is configured, click the
save
button.
Page 45 / 82
45
4.6.2 Domain Filter
Domain Filter
let you prevent users under this device from accessing specific URLs.
Domain Filter Enable
Check if you want to enable Domain Filter.
Log DNS Query
Check if you want to log the action when someone accesses the specific URLs.
Privilege IP Addresses Range
Setting a group of hosts and privilege these hosts to access network without restriction.
Domain Suffix
A suffix of URL to be restricted. For example, ".com", "xxx.com".
Action
When someone is accessing the URL met the domain-suffix, what kind of action you want.
Check drop to block the access. Check log to log these access.
Enable
Check to enable each rule.