Chapter 14. Configuring Filters and Blocking Protocols
147
3. When you are done selecting criteria, ensure that the Enable
radio button is selected at the top of the page, and then click
.
After a confirmation page displays, the IP Filter Configuration
page will redisplay with the new rule showing in the table.
If the security level of the rule matches the globally configured
setting, a green ball displays in the Status column for that rule,
indicating that the rule is now in effect. A red ball displays when
the rule is disabled or if its security level is different from the
globally configured level.
4. Ensure that the Security Level and Private/Public/DMZ
Default Action settings on the IP Filter Configuration page
are configured as needed, then click
.
A page displays to confirm your changes.
5. If you want the changes to be permanent, follow the
instructions on page
46 to commit them.
IP filter rule examples
Example 1. Blocking a specific computer on your LAN from
accessing Web servers on the Internet:
1. Add a new rule for outgoing packets on the ppp-0 interface
from any incoming interface (this would include the eth-0 and
usb-0 interfaces, for example).
2. Specify the source IP address of the computer you want to
block.
3. Specify the Protocol as TCP and enable the Store State
setting.
4. Specify the destination port as 80, which is the well-known
port number for web servers.
5. Enable the rule by clicking the radio button at the top of the
page.
6. Click
to create the rule.
7. On the IP Filter Configuration page, set the Security Level to
the same level you chose for the rule, and set both the
Private Default Action and the Public Default Action to
Accept.
8. Click
.
9. and commit your changes.
With this configuration, the specified computer will not be able to
access the Web, but will be able to access FTP Internet sites (and
any others that use destination port numbers other than 80).
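
A simplified model of how the Example 1 rule is evaluated, added here as an illustration; it is not code from this manual or from the device's firmware. It assumes the rule's action is deny, uses a constructed LAN address and a placeholder security level name ("medium"), and collapses the Private and Public default actions into a single default of accept.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str          # "outgoing" in Example 1
    interface: str          # "ppp-0" in Example 1
    src_ip: str             # the computer to block
    protocol: str           # "tcp"
    dst_port: int           # 80
    level: str              # security level chosen for the rule
    enabled: bool = True    # the Enable radio button
    action: str = "deny"    # assumption: the manual's steps do not show the action field

@dataclass(frozen=True)
class Packet:
    direction: str
    interface: str
    src_ip: str
    protocol: str
    dst_port: int

def rule_active(rule, global_level):
    """Green ball: the rule is enabled and its level equals the global Security Level."""
    return rule.enabled and rule.level == global_level

def matches(rule, pkt):
    # The Store State setting is not modelled here.
    return (rule.direction, rule.interface, rule.src_ip, rule.protocol, rule.dst_port) == \
           (pkt.direction, pkt.interface, pkt.src_ip, pkt.protocol, pkt.dst_port)

def decide(pkt, rules, global_level, default_action="accept"):
    """First active matching rule wins; otherwise the default action applies."""
    for rule in rules:
        if rule_active(rule, global_level) and matches(rule, pkt):
            return rule.action
    return default_action

BLOCKED_PC = "192.168.1.10"   # constructed sample address
RULES = [Rule("outgoing", "ppp-0", BLOCKED_PC, "tcp", 80, level="medium")]

def verdict(src_ip, dst_port, global_level="medium"):
    pkt = Packet("outgoing", "ppp-0", src_ip, "tcp", dst_port)
    return decide(pkt, RULES, global_level)

if __name__ == "__main__":
    for src, port, lvl in [(BLOCKED_PC, 80, "medium"), (BLOCKED_PC, 21, "medium"),
                           (BLOCKED_PC, 443, "medium"), (BLOCKED_PC, 80, "high")]:
        print(f"{src} -> tcp/{port} (global level {lvl}): {verdict(src, port, lvl)}")
```

The last case corresponds to the red ball described above: with the global Security Level set differently from the rule's level, the rule is not in effect and port 80 traffic falls through to the default action. The port 443 case shows that traffic to any destination port other than 80 is accepted, as the closing paragraph of the example states.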