D-Link DSL-500G Network Router User Manual


 
DSL-500G ADSL Router User’s Guide
Interface: The interface on the device on which the rule will take effect.
In Interface: The interface from which packets must have been forwarded to the interface specified in
the previous selection. This option is valid only on rules defined for the outgoing direction.
Log Option: When Enabled is selected, a log entry will be created on the system each time this rule is
invoked. The log entry will include the time of the violation, the source address of the computer
responsible for the violation, the destination IP address, the protocol being used, the source and
destination ports, and the number of violations occurring in the previous x minutes. (Logging may be
helpful when troubleshooting.) This information can also be e-mailed to administrators.
Security Level: The security level that must be enabled globally for this rule to take effect. A rule will
be active only if its security level is the same as the globally configured setting (shown on the main IP
Filter page). For example, if the rule is set to Medium and the global firewall level is set to Medium,
then the rule will be active; but if the global firewall level is set to High or Low, then the rule will be
inactive.
Black List Status: Specifies whether or not a violation of this rule will result in the offending
computer's IP address being added to the Black List, which blocks the Router from forwarding packets
from that source for a specified period of time.
Log Tag: A description of up to 16 characters to be recorded in the log in the event that a packet
violates this rule. Be sure to set the Log Option to Enable if you configure a Log Tag.
Start/End Time: The time range during which this rule is to be in effect, specified in military (24-hour) time.
Src IP Address: IP address criteria for the source computer(s) from which the packet originates. In the
drop-down list, you can configure the rule to be invoked on packets containing:
any: any source IP address.
lt: any source IP address that is numerically less than the specified address.
lteq: any source IP address that is numerically less than or equal to the specified address.
gt: any source IP address that is numerically greater than the specified address.
eq: any source IP address that is numerically equal to the specified address.
neq: any source IP address that is not equal to the specified address.
range: any source IP address that is within the specified range, inclusive.
out of range: any source IP address that is outside the specified range.
self: the IP address of the Router interface on which this rule takes effect.
Dest IP Address: IP address rule criteria for the destination computer(s) (i.e., the IP address of the
computer to which the packet is being sent). In addition to the options described for the Src IP Address
field, the following option is available:
bcast: specifies that the rule will be invoked for any packets sent to the broadcast address for
the receiving interface. (The broadcast address is used to send packets to all hosts on the LAN
or subnet connected to the specified interface.) When you select this option, you do not need to
specify the address, so the address fields are dimmed.
Protocol: IP protocol criteria that must be met for the rule to be invoked. You can specify that packets must
contain the selected protocol (eq), that they must not contain the specified protocol (neq), or that the
rule can be invoked regardless of the protocol (any). TCP, UDP, and ICMP are commonly used IP
protocols; others can be identified by number, from 0-255, as defined by the Internet Assigned Numbers
Authority (IANA).
Store State: If this option is enabled, then stateful filtering is performed and the rule is also applied in
the other direction on the given interface during an IP session.
Source Port: Port number criteria for the computer(s) from which the packet originates. This field will
be dimmed (unavailable for entry) unless you have selected TCP or UDP as the protocol. See the
description of Src IP Address for the selection options.
Dest Port: Port number criteria for the destination computer(s) (i.e., the port number on the
computer to which the packet is being sent). This field will be dimmed (unavailable for entry) unless
you have selected TCP or UDP as the protocol. See the description of Src IP Address for the selection
options.
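
The numeric Src IP Address comparisons and the Security Level rule described above, modelled as an added example (this is not D-Link firmware or code from the manual). It assumes "numerically" means comparing addresses as 32-bit integers; the function names and the sample rule are constructed for illustration, and the self and bcast options are not modelled.

```python
import ipaddress
import operator

# Comparison operators named as in the manual's drop-down list.
_COMPARE = {"lt": operator.lt, "lteq": operator.le, "gt": operator.gt,
            "eq": operator.eq, "neq": operator.ne}

def _num(addr):
    """Dotted-quad IPv4 address as the 32-bit integer that gets compared (assumption)."""
    return int(ipaddress.IPv4Address(addr))

def ip_criterion_matches(op, packet_ip, first=None, last=None):
    """Evaluate one Src/Dest IP Address criterion against a packet address."""
    if op == "any":
        return True
    if op in _COMPARE:
        return _COMPARE[op](_num(packet_ip), _num(first))
    if op in ("range", "out of range"):
        inside = _num(first) <= _num(packet_ip) <= _num(last)  # inclusive
        return inside if op == "range" else not inside
    raise ValueError("criterion not modelled here: %r" % op)

def rule_is_active(rule_level, global_level):
    """A rule is active only when its level equals the global setting."""
    return rule_level == global_level

def rule_invoked(rule, global_level, src_ip):
    """True when the rule is active and the source address criterion matches."""
    return (rule_is_active(rule["level"], global_level)
            and ip_criterion_matches(rule["op"], src_ip, *rule["addr"]))

# Constructed sample rule and addresses (not taken from the manual).
RULE = {"level": "Medium", "op": "lt", "addr": ("192.168.1.100",)}

if __name__ == "__main__":
    for src in ("192.168.1.99", "192.168.0.250", "10.1.2.3", "192.168.1.100"):
        print(src, rule_invoked(RULE, "Medium", src))
    # Raising the global level to High leaves this Medium rule inactive.
    print("global High:", rule_invoked(RULE, "High", "10.1.2.3"))
```

An lt rule on 192.168.1.100 also matches every numerically lower address, such as 10.1.2.3, so a range criterion is the tighter choice when only one subnet is meant. A Medium rule stops applying when the global level is changed to High, so each level needs its own copy of any rule that must stay in force.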