Chapter 14

Filter

96

14.2

The IPv6/MAC Filter Screen

Use the

IPv6/MAC Filter

screen to create and apply IPv6 address /MAC filters. Click

Security

>

Filter

>

IPv6/MAC Filter

.

Figure 50

Security > Filter > IPv6/MAC Filter

Table 47

Security > Filter > IPv6/MAC Filter

LABEL

DESCRIPTION

Rule Type selection

Select

White List

to create a filter rule that allows traffic.

Select

Black List

to create a filter rule that blocks traffic.

IPv6/MAC Filter Rule Index

Select the index number of the filter rule.

Active

Use this field to enable or disable the rule.

Interface

Select the interface to which to apply the filter.

Direction

Apply the filter to

Incoming

or

Outgoing

traffic direction.

Rule Type

Select

IP

to filter traffic by IP addresses.

Select

MAC

to filter traffic by MAC address.

Chapter 14

Filter

97

Source IP Address

Enter the source IP address of the packets you wish to filter.

Source Prefix Length

Enter the prefix length for the source IPv6 address.

Destination IPv6 Address

Enter the destination IPv6 address of the packets you wish to filter.

Destination Prefix Length

Enter the prefix length for the destination IPv6 address.

ICMPv6 Type

Select one of the ICMPv6 message types to filter.

Protocol

This is the (upper layer) protocol that defines the service to which this rule

applies. By default it is

ICMPv6

.

Source MAC Address

This field is only available when you select

MAC

in the

Rule Type

field.

Enter the MAC address of the packets you wish to filter.

IPv6 / MAC Filter Rule Index

Select the index number of the filter set.

Active

This field shows whether the rule is activated.

Interface

This field shows the interface to which the filter rule applies.

Direction

The filter rule applies to this traffic direction.

ICMPv6Type

This is the ICMPv6 message type to filter.

Src IP/Prefix length

This is the source IPv6 address and prefix length.

Dest IP/Prefix length

This displays the destination IPv6 address and prefix length.

MAC Address

This is the MAC address of the packets being filtered.

Protocol

This is the (upper layer) protocol that defines the service to which this rule

applies.

Table 47

Security > Filter > IPv6/MAC Filter (continued)

LABEL

DESCRIPTION

15

Chapter 15

Firewall

98

C

HAPTER

15

Chapter 15

Firewall

15.1

TFirewall General Screen

Use this screen to enable or disable the firewall protection on the Router. You can also edit existing

rules or create new ones. Click

Security > Firewall

to open the

General

screen.

Figure 51

Security > Firewall > General

Table 48

Security > Firewall > General

LABEL

DESCRIPTION

On

Select this to enable the firewall protection on the Router.

Off

Select this to disable the firewall protection on the Router. This setting is not recommended.

It disables firewall protection for your network and could potentially expose your network to

significant security risks. This option should only be used for troubleshooting or if you intend

using another firewall in conjunction with your router.

Modify

Click the edit icon to go to the screen where you can edit an existing rule.

Click the delete icon to delete an existing existing rule.

Add

Click this to add a new default action that the firewall takes .

Apply

Click this to save your changes.

Cancel

Click this to restore your previously saved settings.

Chapter 15

Firewall

99

15.1.1

Add/Edit Interface Default Policy Screen

Use this screen to edit existing firewall rules or create new ones. Click the

edit

icon next to an

existing firewall rule or click the

Add

button in the

General

screen.

Figure 52

Firewall > General: Add/Edit

Table 49

Firewall > General: Add/Edit

LABEL

DESCRIPTION

Name

Enter a descriptive name for this firewall rule.

IPVersion

Select the IP version for this firewall rule.

Packet Direction

Select the direction of traffic which applies to this firewall rule.

Default Action

Select the default action that the firewall is to take on packets that are traveling in the

selected direction and do not match any of the firewall rules.

Select

Permit

to allow the passage of the packets.

Select

Drop

to silently discard the packets without sending a TCP reset packet or an

ICMP destination-unreachable message to the sender.

15.2

Rules Screen

The

Rules

screen displays a list of the configured firewall rules. Note the order in which the rules

are listed. Click

Security > Firewall > Rules

.

Chapter 15

Firewall

100



The ordering of your rules is very important as rules are applied in turn.

Figure 53

Security > Firewall > Rules

Table 50

Security > Firewall > Rules

LABEL

DESCRIPTION

Packet Direction

Select a direction of travel of packets for which you want to configure firewall rules.

Create a new rule

after rule number

Select an index number and click

Add

to add a new firewall rule after the selected

index number. For example, if you select “6”, your new rule becomes number 7 and

the previous rule 7 (if there is one) becomes rule 8.

The following read-only fields summarize the rules you have created that apply to

traffic traveling in the selected packet direction. The firewall rules that you

configure (summarized below) take priority over the general firewall action settings

in the

General

screen.

No.

This is your firewall rule number. The ordering of your rules is important as rules

are applied in turn.

Active

This displays whether a firewall is turned on or not. Select the check box to enable

the rule. Clear the check box to disable the rule.

Name

This displays the name of the firewall rule.

Interface

This displays the source interface to which this firewall rule applies. This is the

interface through which the traffic entered the Router.

Destination IP

Address

This displays the destination addresses or ranges of addresses to which this

firewall rule applies.

Filter Criteria

This displays the filter criteria set for this firewall rule.

Action

This field displays whether the firewall silently discards packets (

Drop

) or allows

the passage of packets (

Permit

).

Modify

Click the

Edit

icon to go to the screen where you can edit the rule.

Click the

Remove

icon to delete an existing firewall rule. A window displays asking

you to confirm that you want to delete the firewall rule. Note that subsequent

firewall rules move up by one when you take this action.