Chapter 13 Firewall
NBG334W User’s Guide
147
The following table describes the labels in this screen.
Table 56
Security > Firewall > Services
LABEL
DESCRIPTION
ICMP
Internet Control Message Protocol is a message control and error-reporting
protocol between a host server and a gateway to the Internet. ICMP uses Internet
Protocol (IP) datagrams, but the messages are processed by the TCP/IP software
and directly apparent to the application user.
Respond to Ping
on
The NBG334W will not respond to any incoming Ping requests when
Disable
is
selected. Select
LAN
to reply to incoming LAN Ping requests.
Select
WAN
to reply
to incoming WAN Ping requests. Select
Guest WLAN
to reply to incoming Guest
WLAN Ping requests.
Otherwise select
LAN & WAN & Guest WLAN
to reply to all
incoming LAN, WAN and Guest WLAN Ping requests.
Do not respond to
requests for
unauthorized
services
Select this option to prevent hackers from finding the NBG334W by probing for
unused ports. If you select this option, the NBG334W will not respond to port
request(s) for unused ports, thus leaving the unused ports and the NBG334W
unseen. By default this option is not selected and the NBG334W will reply with an
ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a
TCP Reset packet for a port probe on its unused TCP ports.
Note that the probing packets must first traverse the NBG334W's firewall
mechanism before reaching this anti-probing mechanism. Therefore if the firewall
mechanism blocks a probing packet, the NBG334W reacts based on the firewall
policy, which by default, is to send a TCP reset packet for a blocked TCP packet.
You can use the command "sys firewall tcprst rst [on|off]" to change this policy.
When the firewall mechanism blocks a UDP packet, it drops the packet without
sending a response packet.
Service Setup
Enable Services
Blocking
Select this check box to enable this feature.
Available Services
This is a list of pre-defined services (ports) you may prohibit your LAN computers
from using. Select the port you want to block using the drop-down list and click
Add
to add the port to the
Blocked Services
field.
Blocked Services
This is a list of services (ports) that will be inaccessible to computers on your LAN
once you enable service blocking.
Custom Port
A custom port is a service that is not available in the pre-defined
Available
Services
list and you must define using the next two fields.
Type
Choose the IP port (
TCP
or
UDP
) that defines your customized port from the drop
down list box.
Port Number
Enter the port number range that defines the service. For example, if you want to
define the Gnutella service, then select
TCP
type and enter a port range from
6345 to 6349.
Add
Select a service from the
Available Services
drop-down list and then click
Add
to
add a service to the
Blocked Services
Delete
Select a service from the
Blocked Services
list and then click
Delete
to remove
this service from the list.
Clear All
Click
Clear All
to empty the
Blocked Services
.
Schedule to Block
Day to Block:
Select a check box to configure which days of the week (or everyday) you want
service blocking to be active.
Time of Day to
Block (24-Hour
Format)
Select the time of day you want service blocking to take effect. Configure blocking
to take effect all day by selecting
All Day
. You can also configure specific times by
selecting
From
and entering the start time in the
Start (hour)
and
Start (min)
fields and the end time in the
End (hour)
and
End (min)
fields. Enter times in 24-
hour format, for example, "3:00pm" should be entered as "15:00".
19216811.live