TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router
Chapter 4: Configuration
Packet Filter – Add Raw IP Filter
Rule Name: User-defined description to identify this entry, or click to select existing predefined rules.
Time Schedule: A self-defined time period. You may specify a time schedule for your prioritization policy. For setup and details, refer to the Time Schedule section.
Protocol Number: Insert the IP protocol number, e.g. 47 for GRE.
Inbound / Outbound: Select Allow or Block for access to the Internet (“Outbound”) or from the Internet (“Inbound”).
Click the Apply button to apply your changes.
Example: Configuring your firewall to allow for a publicly accessible web server on your LAN
The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To set up a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
As you can see from the diagram below, when the firewall is enabled with one of the three presets (Low/Medium/High), inbound HTTP access is not allowed, which means remote access through HTTP to your router is not allowed.
Note: Inbound indicates accessing from the Internet to the LAN, and Outbound is from the LAN to the Internet.
Configuring Packet Filter:
1. Click Packet Filter. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below:
Note: You may click Edit on the predefined rule instead of deleting it. This is an example to show how you add a filter on your own.
2. Click Delete to delete the existing HTTP rule.
3. Click Add TCP/UDP Filter.
4. Input the Rule Name, Time Schedule, Source/Destination IP, Type, Source/Destination Port, Inbound and Outbound.
Example:
Application: Cindy_HTTP
Time Schedule: Always On
Source / Destination IP Address(es): 0.0.0.0 (I do not wish to activate the address filter; instead I use the port filter)
Type: TCP (please refer to Table 1: Predefined Port Filter)
Source Port: 0-65535 (I allow all ports to connect with the application)
Redirect Port: 80-80 (this is the port defined for HTTP)
Inbound / Outbound: Allow
5. The new port filter rule for HTTP is shown below:
6. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server:
Note: For how to configure HTTP in Virtual Server, go to Add Virtual Server in the Virtual Server section for more details.
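To make the rule semantics concrete, here is an added worked example that is not part of the TW-EA510 manual or its firmware: a small Python model of the filter fields (Rule Name, Type or Protocol Number, Source Port, Redirect Port, Source/Destination IP, Inbound/Outbound, Allow/Block) that replays the Cindy_HTTP rule from step 4, plus a raw IP filter on the GRE protocol number from the Add Raw IP Filter section, against constructed packets. The matching order (first match wins), the default action for traffic that matches no rule, the treatment of a non-zero address as matching either end of the packet, the Block action on the GRE rule and every IP address used are assumptions, not statements from the manual.

```python
from dataclasses import dataclass

# IP protocol numbers; GRE 47 is the protocol number the manual uses as its example
TCP, UDP, GRE = 6, 17, 47
ANY_PORTS = (0, 65535)          # the manual's "0-65535" (all ports)
NO_ADDRESS_FILTER = "0.0.0.0"   # the manual's "0.0.0.0" (address filter not active)


@dataclass(frozen=True)
class Packet:
    direction: str     # "Inbound" (Internet -> LAN) or "Outbound" (LAN -> Internet)
    protocol: int      # IP protocol number
    src_ip: str
    dst_ip: str
    src_port: int = 0  # 0 for protocols without ports (e.g. GRE)
    dst_port: int = 0


@dataclass(frozen=True)
class Rule:
    name: str          # Rule Name / Application, e.g. "Cindy_HTTP"
    action: str        # "Allow" or "Block"
    direction: str     # "Inbound" or "Outbound"
    protocol: int      # Type (TCP/UDP) or, for a raw IP filter, the Protocol Number
    src_ports: tuple = ANY_PORTS         # Source Port range
    dst_ports: tuple = ANY_PORTS         # Redirect Port range, e.g. (80, 80) for HTTP
    address: str = NO_ADDRESS_FILTER     # Source/Destination IP Address(es)

    def matches(self, p: Packet) -> bool:
        if p.direction != self.direction or p.protocol != self.protocol:
            return False
        # Assumption: a non-zero address must match either end of the packet
        if self.address != NO_ADDRESS_FILTER and self.address not in (p.src_ip, p.dst_ip):
            return False
        if self.protocol in (TCP, UDP):  # raw IP filters carry no port fields
            if not (self.src_ports[0] <= p.src_port <= self.src_ports[1]):
                return False
            if not (self.dst_ports[0] <= p.dst_port <= self.dst_ports[1]):
                return False
        return True


def evaluate(rules, packet, default="Block"):
    """First matching rule decides (assumed ordering); packets matching no rule get
    `default`, also an assumption, since the manual does not state that policy."""
    for rule in rules:
        if rule.matches(packet):
            return rule.name, rule.action
    return "no rule", default


# The manual's worked example: Cindy_HTTP, TCP, Source Port 0-65535, Redirect Port 80-80, Inbound, Allow
CINDY_HTTP = Rule("Cindy_HTTP", "Allow", "Inbound", TCP, ANY_PORTS, (80, 80))
# A raw IP filter on the manual's example protocol number (GRE, 47); the Block action is constructed
GRE_INBOUND = Rule("GRE_inbound", "Block", "Inbound", GRE)
RULES = [CINDY_HTTP, GRE_INBOUND]


def check_examples():
    """Constructed packets (documentation addresses) run through the rule set."""
    web = Packet("Inbound", TCP, "198.51.100.7", "203.0.113.2", 51000, 80)
    ssh = Packet("Inbound", TCP, "198.51.100.7", "203.0.113.2", 51001, 22)
    gre = Packet("Inbound", GRE, "198.51.100.7", "203.0.113.2")
    outbound_http = Packet("Outbound", TCP, "192.168.1.10", "198.51.100.7", 51000, 80)
    return {
        "web": evaluate(RULES, web),                      # ("Cindy_HTTP", "Allow")
        "ssh": evaluate(RULES, ssh),                      # ("no rule", "Block")
        "gre": evaluate(RULES, gre),                      # ("GRE_inbound", "Block")
        "outbound_http": evaluate(RULES, outbound_http),  # ("no rule", "Block")
    }


if __name__ == "__main__":
    for label, verdict in check_examples().items():
        print(f"{label}: {verdict}")
```

Running the file prints the verdict for each constructed packet. The case worth noticing is the outbound HTTP packet: Cindy_HTTP is an Inbound rule, so it does not cover the LAN-to-Internet direction at all, which is exactly the distinction the note about Inbound and Outbound draws.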
Intrusion Detection
The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.
Blacklist: If the router detects a possible attack, the source IP or destination IP address will be added to the Blacklist. Any further attempts using this IP address will be blocked for the time period specified as the Block Duration. The default setting for this function is false (disabled). Some attack types are denied immediately without using the Blacklist function, such as Land attack and Echo/CharGen scan.
Intrusion Detection: If enabled, IDS will block Smurf attack attempts. Default is false.
Block Duration:
• Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default value is 600 seconds.
• Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible Scan attack. Scan attack types include X’mas scan, IMAP SYN/FIN scan and similar attempts. Default value is 86400 seconds.
• DoS Attack Block Duration: This is the duration for blocking hosts that attempt a possible Denial of Service (DoS) attack. Possible DoS attacks it attempts to block include Ascend Kill and WinNuke. Default value is 1800 seconds.
Max TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood attempt is occurring or not. Default value is 100 TCP SYN per second.
Max PING Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.
Max ICMP Count: This is a threshold value to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per second, excluding ICMP Echo Requests (PING).
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will only warn the user in the Event Log. It cannot protect against such attacks.
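As an added illustration, not the router's firmware or the manual's own material, the following Python model reproduces the behaviour described above: signature-type detections are either denied immediately (Land attack, Echo/CharGen scan) or, when the Blacklist is enabled, blacklisted for the matching Block Duration (600, 86400 or 1800 seconds), while the three rate-based detections (SYN Flood, ICMP Echo Storm, ICMP flood) only produce Event Log warnings and block nothing. The thresholds and durations are the manual's defaults; the one-second counting window, the strictly-above-threshold comparison, the dropping of a signature-detected packet while the Blacklist is disabled, and all IP addresses are assumptions.

```python
from collections import Counter

# Default thresholds and durations as stated in the manual
MAX_TCP_OPEN_HANDSHAKING_COUNT = 100  # TCP SYN per second -> SYN Flood (warn only)
MAX_PING_COUNT = 15                   # ICMP Echo Requests per second -> ICMP Echo Storm (warn only)
MAX_ICMP_COUNT = 100                  # other ICMP packets per second -> ICMP flood (warn only)
RATE_LIMITS = {
    "syn": (MAX_TCP_OPEN_HANDSHAKING_COUNT, "SYN Flood"),
    "ping": (MAX_PING_COUNT, "ICMP Echo Storm"),
    "icmp": (MAX_ICMP_COUNT, "ICMP flood"),
}
BLOCK_DURATION = {"victim": 600, "scan": 86400, "dos": 1800}  # seconds, per the manual
# Signature -> Block Duration category, following the manual's own lists
CATEGORY = {
    "Smurf": "victim",
    "X'mas scan": "scan", "IMAP SYN/FIN scan": "scan",
    "Ascend Kill": "dos", "WinNuke": "dos",
}
IMMEDIATE_DENY = {"Land attack", "Echo/CharGen scan"}  # denied without using the Blacklist


class Ids:
    def __init__(self, blacklist_enabled=False):  # manual: Blacklist is disabled by default
        self.blacklist_enabled = blacklist_enabled
        self.blacklist = {}   # ip -> expiry time (seconds)
        self.event_log = []   # (time, attack, ip, action)

    def is_blocked(self, ip, now):
        expiry = self.blacklist.get(ip)
        return expiry is not None and now < expiry

    def signature_detected(self, attack, ip, now):
        """One signature detection involving `ip` (source or destination) at time `now`."""
        if attack in IMMEDIATE_DENY:
            action = "denied"
        elif self.blacklist_enabled:
            duration = BLOCK_DURATION[CATEGORY[attack]]
            self.blacklist[ip] = now + duration
            action = f"blacklisted {duration}s"
        else:
            action = "dropped"  # assumption: still dropped, just without a Blacklist entry
        self.event_log.append((now, attack, ip, action))
        return action

    def check_rates(self, second, packets):
        """packets: (src_ip, kind) pairs seen within one second, kind being a RATE_LIMITS key.
        Rate-based detections are warn-only: nothing is added to the Blacklist.
        Assumption: a count strictly above the threshold triggers the warning."""
        warnings = []
        for (ip, kind), count in Counter(packets).items():
            limit, name = RATE_LIMITS[kind]
            if count > limit:
                self.event_log.append((second, name, ip, "warning only"))
                warnings.append((ip, name))
        return warnings


def demo():
    """Constructed traffic (documentation addresses) run through the model."""
    ids = Ids(blacklist_enabled=True)
    ids.signature_detected("X'mas scan", "198.51.100.9", now=1000)
    ids.signature_detected("Land attack", "198.51.100.10", now=1001)
    burst = [("198.51.100.11", "syn")] * 150 + [("198.51.100.12", "ping")] * 10
    warnings = ids.check_rates(1002, burst)
    return {
        "scan_blocked_before_expiry": ids.is_blocked("198.51.100.9", 1000 + 86399),  # True
        "scan_blocked_after_expiry": ids.is_blocked("198.51.100.9", 1000 + 86400),   # False
        "land_on_blacklist": "198.51.100.10" in ids.blacklist,                      # False
        "warnings": warnings,                          # [("198.51.100.11", "SYN Flood")]
        "syn_source_blocked": ids.is_blocked("198.51.100.11", 1003),                # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the run makes is the split the manual describes: the X'mas scan source stays on the Blacklist for exactly the Scan Attack Block Duration, the Land attack is denied without ever touching the Blacklist, and the 150-SYN-per-second burst produces only an Event Log warning, leaving its source unblocked.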
