Packet Filter. Billion Electric QI3BIL-7401VGPR4

Packet Filter

This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The preset port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected. See Table1: Predefined Port Filter for more detail information.

65

66

Example: Predefined Port Filters Rules

The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1.

Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preconfigured.

Table 1:

Predefined

Port Filter

Protocol

Port

Number

Firewall - Low Firewall - Medium Firewall – High

Start End Inbound Outbound Inbound Outbound Inbound Outbound

Application

HTTP(80) TCP(6) 80 80 NO YES NO YES NO YES

DNS (53) UDP(17) 53 53 NO YES NO YES NO YES

DNS (53)

FTP(21)

TCP(6) 53 53

TCP(6) 21 21

Telnet(23) TCP(6) 23 23

SMTP(25) TCP(6) 25 25

NO

NO

NO

NO

POP3(110) TCP(6) 110 110 NO

NEWS(NNTP)

(Network

News Transfer

Protocol)

RealAudio/

RealVideo

(7070)

TCP(6) 119 119 NO

UDP(17) 7070 7070 YES

PING ICMP(1) N/A N/A NO

YES

YES

YES

YES

YES

YES

YES

NO

NO

NO

NO

NO

NO

YES

YES

YES

YES

YES

YES

YES

YES

NO

NO

NO

NO

NO

NO

NO

YES

NO

NO

YES

YES

NO

NO

YES

YES

YES

NO

NO

NO

YES

YES

YES

NO

NO

NO

YES

NO

NO

H.323(1720) TCP(6) 1720 1720 YES

T.120(1503) TCP(6) 1503 1503 YES

SSH(22) TCP(6) 22 22 NO

NTP /SNTP UDP(17) 123 123 NO

HTTP/HTTP

Proxy (8080)

TCP(6) 8080 8080 NO

HTTPS(443) TCP(6) 443 443 NO

YES

YES

YES

NO

NO

NO

YES

YES

NO

NO

NO

NO

NO

YES

NO

ICQ (5190)

MSN (1863)

TCP(6) 5190 5190

TCP(6) 1863 1863

YES

YES

MSN (7001) UDP(17) 7001 7001 YES

MSN VEDIO

(9000)

TCP(6) 9000 9000 NO

YES

YES

YES

YES

YES

NO

N/A

N/A

N/A

N/A

YES

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

67

Inbound: Internet to LAN

Outbound: LAN to Internet

YES: Allowed

NO: Blocked

N/A: Not Applicable

Packet Filter – Add TCP/UDP Filter

Rule Name Helper: Users-define description to identify this entry or click “Select” drop-down menu to select existing predefined rules. The maximum name length is 32 characters.

Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to Time Schedule section

Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or block traffic to/from particular IP address(es). Selecting the Subnet Mask of the IP address range you wish to allow/block the traffic to or form; set IP address and Subnet Mask to 0.0.0.0 to inactive the Address-Filter rule.

Tip: To block access, to/from a single IP address, enter that IP address as the Host IP Address and use a Host Subnet Mask of “255.255.255.255”.

Type: It is the packet protocol type used by the application, select TCP, UDP or both TCP/UDP.

Protocol Number: Insert the port number.

Source Port: This Port or Port Ranges defines the port allowed to be used by the Remote/WAN to connect to the application. Default is set from range 0 ~ 65535. It is recommended that this option be configured by an advanced user.

Destination Port: This is the Port or Port Ranges that defines the application.

Inbound / Outbound: Select Allow or Block the access to the Internet (“Outbound”) or from the

Internet (“Inbound”).

Click Add button to apply your changes.

68

Packet Filter – Add Raw IP Filter

Go to “Type” drop-down menu, select “Use Protocol Number”.

Rule Name Helper: Users-define description to identify this entry or choosing “Select” drop-down menu to select existing predefined rules.

Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy. For setup and detail, refer to Time Schedule section

Source IP Address(es) / Destination IP Address(es): This is the Address-Filter used to allow or block traffic to/from particular IP address(es). Selecting the Subnet Mask of the IP address range you wish to allow/block the traffic to or form; set IP address and Subnet Mask to 0.0.0.0 to inactive the Address-Filter rule.

Tip: To block access, to/from a single IP address, enter that IP address as the Host IP

Address and use a Host Subnet Mask of “255.255.255.255”.

Type: It is the packet protocol type used by the application, select TCP, UDP or both TCP/UDP.

Protocol Number: Insert the port number, i.e. GRE 47.

Source Port: This Port or Port Ranges defines the port allowed to be used by the Remote/WAN to connect to the application. Default is set from range 0 ~ 65535. It is recommended that this option be configured by an advanced user.

Destination Port: This is the Port or Port Ranges that defines the application.

Inbound / Outbound: Select Allow or Block the access to the Internet (“Outbound”) or from the

Internet (“Inbound”).

Click the Add button to apply your changes.

Example: Configuring your firewall to allow a publicly accessible web server on your LAN

The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.

69

As you can see from the diagram below, when the firewall is enabled with one of the three presets

(Low/Medium/High), inbound HTTP access is not allowed which means remote access through

HTTP to your router is not allowed.

Note: Inbound indicates accessing from Internet to LAN and Outbound is from LAN to the

Internet.

70

Configuring Packet Filter:

1. Click Packet Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below:

Note: You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter on your own.

2. Choose the radio button you want to delete the existing HTTP rule. Click Edit/Delete button to delete the existing HTTP rule.

3. Input the Rule Name, Time Schedule, Source/Destination IP, Type, Source/Destination Port,

Inbound and Outbound.

71

Example:

Application: Cindy_HTTP

Time Schedule: Always On

Source / Destination IP Address(es): 0.0.0.0 (I do not wish to active the address-filter, instead I use the port-filter)

Type: TCP (Please refer to Table1: Predefined Port Filter)

Source Port: 0-65535 (I allow all ports to connect with the application))

Redirect Port: 80-80 (This is Port defined for HTTP)

Inbound / Outbound: Allow

1. The new port filter rule for HTTP is shown below:

2. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server:

Note: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual

Server section for more details.

72

73