Using the Configuration Interface
42 D-Link Systems, Inc.
Configuring an Inbound Filter Rule
When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a
connection that originated from inside the router or which corresponds to a Virtual Server, Gaming,
or Special Application Rule is ALLOWED by default.
When rules are configured, the router compares incoming data packets against the rules in the list.
It is very important to understand that the router examines each rule one by one in the order that
they are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped)
or ALLOWED. Once a match has been made, no further rules will be examined for that packet. If
no rules match the data packet, it is ALLOWED. This means that to allow only a specific subset of
traffic usually requires more than one rule to be entered.
Example:
You have configured a game server, using the Advanced > Gaming page, to play HALO: Combat
Evolved with some friends. You would like to limit the access to your network and server to specific
times of the day and only to your friends.
Next you would define a schedule on the Tools > Schedule page, called Gametime, which specifies
a schedule of Friday and Saturday between 7PM and 11PM.
All of your friends use the same service provider and have IP addresses 67.150.220.117,
67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each
one of these addresses individually or you may just decide that using an IP range that covers all of
them is sufficient for your needs.
The first rule is to configure a DENY rule that will catch all of the traffic that arrives on these ports
but does not match data from the sources you want to have access to your network. It is important
to enter the DENY rule first since all subsequent rules will be added higher in the list and will be
checked first. It should look similar to the figure on the right.
Notice that it covers all Source IP Address, Source Ports, and Times (Always), but is specifically tied
to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally
block traffic for other applications. It is a good idea to turn on the log for this rule so that you can
check in the log for anything that is filtered inappropriately.
Next configure the ALLOW rules. In the example on the right, two rules are used to cover the three
IP addresses.