Kerio Tech Firewall6 Network Router User Manual


 
Chapter 6 Traffic Policy
as all traffic that would not meet these requirements will be blocked by the default "catch
all" rule.
Other methods of Internet access limitations can be found in the Exceptions section (see
below).
Note: The rules in these examples can also be used if WinRoute is intended as
a neutral router (no address translation). In that case, no translation is
defined in the Translation entry.
1. Allow access to selected services only. In the translation rule in the Service entry
specify only those services that are intended to be allowed.
Figure 6.26 Internet connection sharing — only selected services are available
2. Limitations sorted by IP addresses. Access to particular services (or access to any
Internet service) will be allowed only from selected hosts. In the Source entry define
the group of IP addresses from which the Internet will be available. This group
must be defined beforehand in Configuration → Definitions → Address Groups (see
chapter 13.5).
Figure 6.27 Only selected IP address group(s) is/are allowed to connect to the Internet
Note: This type of rule should be used only if each user has his/her own host and
the hosts have static IP addresses.
3. Limitations sorted by users. The firewall checks whether the connection comes
from an authenticated host and permits or denies the traffic accordingly.
Figure 6.28 Only selected user group(s) is/are allowed to connect to the Internet
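The three limitation types above can be compared in a small model. This is an added illustration, not WinRoute code or configuration: it assumes rules are checked in order and that unmatched traffic falls to the catch-all deny, and all group names, addresses, users and sessions are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed sample data (assumptions, not values from the manual).
ADDRESS_GROUPS = {"Allowed hosts": ["192.168.1.10", "192.168.1.32/28"]}
USER_GROUPS = {"Internet users": {"alice", "bob"}}
SESSIONS = {"192.168.1.50": "alice"}  # host IP -> user authenticated at the firewall

@dataclass
class Rule:
    name: str
    services: Optional[FrozenSet[str]] = None  # None = any service
    address_group: Optional[str] = None        # None = any source address
    user_group: Optional[str] = None           # None = no authentication required
    action: str = "permit"

def in_group(ip, group):
    """True if ip belongs to any host or subnet listed in the address group."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in ADDRESS_GROUPS[group])

def matches(rule, src_ip, service):
    if rule.services is not None and service not in rule.services:
        return False
    if rule.address_group is not None and not in_group(src_ip, rule.address_group):
        return False
    if rule.user_group is not None:
        user = SESSIONS.get(src_ip)  # None when the host is not authenticated
        if user not in USER_GROUPS[rule.user_group]:
            return False
    return True

def evaluate(rules, src_ip, service):
    """Return (action, rule name) of the first matching rule, else the catch-all deny."""
    for rule in rules:
        if matches(rule, src_ip, service):
            return rule.action, rule.name
    return "deny", "catch-all"

# One policy per limitation type described in items 1 to 3.
BY_SERVICE = [Rule("NAT", services=frozenset({"HTTP", "HTTPS", "DNS"}))]
BY_ADDRESS = [Rule("NAT", address_group="Allowed hosts")]
BY_USER = [Rule("NAT", user_group="Internet users")]

if __name__ == "__main__":
    for label, policy in (("service", BY_SERVICE), ("address", BY_ADDRESS), ("user", BY_USER)):
        for ip in ("192.168.1.10", "192.168.1.50"):
            print(label, ip, "FTP", evaluate(policy, ip, "FTP"))
```

In the address-based policy the decision follows the IP address only, which is why the manual restricts that rule type to hosts with static addresses; the user-based policy follows the authenticated session instead.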