SMC Networks SMCWHSG44-G User Manual

2.8. Configuring Advanced Settings

2.8.1. Filters and Firewall

2.8.1.1. Packet Filters

Fig. 100. Packet Filters Settings.

You can specify rules for the firewall component of the Router to check
outgoing packets. Packets that meet the rules can be permitted or denied.
The protocol field, source IP address field, destination IP address field, and
destination port field of a packet's IP header are inspected to see if it meets
a rule. A packet that meets a rule can be dropped (Block) or accepted
(Accept) as specified in the Action setting of the rule. Packets that do not
meet any rules can be dropped (Discard) or accepted (Pass) as specified in
the Policy setting.

A rule is composed of 5 parts:

• What to do if a packet meets this rule (Action)
• Protocol type

• All
• ICMP
• TCP
• UDP

• Source IP address range (Source IP Address AND Source Subnet Mask)
• Destination IP address range (Destination IP Address AND Destination

Subnet Mask)

• Port ranges

A source (destination) IP address range is determined by performing an AND
operation on the source (destination) IP address field and the source
(destination) subnet mask field. For example, if the source IP address field is
192.168.0.1 and the source subnet mask field is 255.255.255.0, the resultant
source IP address range is 192.168.0.0 to 192.168.0.255.

Up to 5 port ranges can be specified in a rule, and these ranges must be
separated by commas. For example, “21,80,85-89,140,200-230” in the
destination port field signifies 5 port ranges.

78