Firewall, Firewall > basic settings, Firewall > ip based acl – Linksys RVS4000 User Manual

Chapter

Setting Up and Configuring the Router

4-Port Gigabit Security Router with VPN

Firewall

From the Firewall Tab, you can configure the Router to

deny or allow specific internal users from accessing the

Internet. You can also configure the Router to deny or

allow specific Internet users from accessing the internal

servers. You can set up different packet filters for different

users that are located on internal (LAN) side or external

(WAN) side based on their IP addresses or their network

Port number.

Firewall > Basic Settings

Firewall > Basic Settings

Firewall

When this feature is enabled, the Router’s NAT

firewall feature is enabled.

DoS Protection

When this feature is enabled, the Router

will block DoS (Denial of Service) attacks. A DoS attack

does not attempt to steal data or damage your PCs, but

overloads your Internet connection so you can not use it.

Block WAN Request

When this feature is enabled, the

Router filters out anonymous requests from the WAN.

Remote Management

This feature allows you to use

an http or https port to remotely manage the Router.

To enable this feature, select Enable and enter the port

number in the Port field, then configure the HTTPS and

Remote IP address settings that appear below.

HTTPS

This option limits access to the Web-based Utility

from the WAN to https sessions only. An https session

uses SSL encryption, providing better protection for your

remote session than http. The default is Enable.

Remote IP address

Select the appropriate value to

specify which external IP address(es) can access the

Router:

Any IP Address

Allows access from any external IP

address.

•

•

Single IP Address

Allows access from the single IP

address that you enter in the field provided.

IP Range

Allows access from a range of IP addresses

that you enter in the field provided.

Subnet

Allows access from the Subnet that you enter

in the field provided.

Remote Upgrade

This option allows you to upgrade the

Router remotely. To allow remote upgrade, select Enable.

The Remote Management feature must be set to Enable

as well. The default is Disable.

Multicast Passthrough

If an IGMP Proxy running on the

Router, set this to Enable to cause the Router to allow IP

Multicast traffic to come in from the Internet. The default

is Disable.

SIP Application Layer Gateway

When this feature is

enabled, the SIP Application Layer Gateway (ALG) allows

Session Initiation Protocol (SIP) packets (used for Voice

over IP) to traverse the NAT firewall. This feature can be

disabled if the VoIP service provider is using other NAT

traversal solutions such as STUN, TURN, and ICE.

Block

Place a checkmark next to the Web features that

you wish to restrict.

Java

Java is a programming language for websites. If

you deny Java, you run the risk of not having access

to Internet sites created using this programming

language.

Cookies

A cookie is data stored on your PC and used

by Internet sites when you interact with them, so you

may not want to deny cookies.

ActiveX

ActiveX is a Microsoft (Internet Explorer)

programming language for websites. If you deny

ActiveX, you run the risk of not having access to

Internet sites using this programming language. Also,

Windows Update uses ActiveX, so if this is blocked,

Windows update will not work.

Access to Proxy HTTP Server

If local users have access

to WAN proxy servers, they may be able to circumvent

the Router’s content filters and access Internet sites

blocked by the Router. Denying Proxy will block access

to any WAN proxy servers.

Firewall > IP Based ACL

The IP-Based ACL screen allows you to create an Access

Control List (ACL) with up to 50 rules. Each ACL rule denies

or allows access to the network based on various criteria

including priority, service type, interface, source IP address,

destination IP address, day of the week, and time of day.

•

•

•

•

•

•

•