Filter
Top Products
Using the Configuration Interface
40 D-Link Systems, Inc.
Configuring an Inbound Filter Rule
When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a
connection that originated from inside the router or which corresponds to a Virtual Server, Gaming,
or Special Application Rule is ALLOWED by default.
When rules are configured, the router compares incoming data packets against the rules in the list. It
is very important to understand that the router examines each rule one by one in the order that they
are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped) or ALLOWED.
Once a match has been made, no further rules will be examined for that packet. If no rules match the
data packet, it is ALLOWED. This means that to allow only a specific subset of traffic usually requires
more than one rule to be entered.
Example:
You have configured a game server, using the Advanced > Gaming page, to play HALO: Combat
Evolved with some friends. You would like to limit the access to your network and server to specific
times of the day and only to your friends.
Next you would define a schedule on the Tools > Schedule page, called Gametime, which specifies
a schedule of Friday and Saturday between 7PM and 11PM.
All of your friends use the same service provider and have IP addresses 67.150.220.117,
67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one of
these addresses individually or you may just decide that using an IP range that covers all of them is
sufficient for your needs.
The first rule is to configure a DENY rule that will catch all of the traffic that arrives on these ports but
does not match data from the sources you want to have access to your network. It is important to
enter the DENY rule first since all subsequent rules will be added higher in the list and will be checked
first. It should look similar to the figure on the right.
Notice that it covers all Source IP Address, Source Ports, and Times (Always), but is specifically tied
to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally
block traffic for other applications. It is a good idea to turn on the log for this rule so that you can check
in the log for anything that is filtered inappropriately.
Next configure the ALLOW rules. In the example on the right, two rules are used to cover the three IP
addresses.