beautypg.com

Configuring an inbound filter rule – D-Link DGL-4300 User Manual

Page 42

background image

Using the Configuration Interface

42

D-Link Systems, Inc.

Configuring an Inbound Filter Rule

When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a

connection that originated from inside the router or which corresponds to a Virtual Server, Gaming,

or Special Application Rule is ALLOWED by default.

When rules are configured, the router compares incoming data packets against the rules in the list.

It is very important to understand that the router examines each rule one by one in the order that

they are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped)

or ALLOWED. Once a match has been made, no further rules will be examined for that packet. If

no rules match the data packet, it is ALLOWED. This means that to allow only a specific subset of

traffic usually requires more than one rule to be entered.

Example:

You have configured a game server, using the Advanced > Gaming page, to play HALO: Combat

Evolved with some friends. You would like to limit the access to your network and server to specific

times of the day and only to your friends.

Next you would define a schedule on the Tools > Schedule page, called Gametime, which specifies

a schedule of Friday and Saturday between 7PM and 11PM.

All of your friends use the same service provider and have IP addresses 67.150.220.117,

67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each

one of these addresses individually or you may just decide that using an IP range that covers all of

them is sufficient for your needs.

The first rule is to configure a DENY rule that will catch all of the traffic that arrives on these ports

but does not match data from the sources you want to have access to your network. It is important

to enter the DENY rule first since all subsequent rules will be added higher in the list and will be

checked first. It should look similar to the figure on the right.

Notice that it covers all Source IP Address, Source Ports, and Times (Always), but is specifically tied

to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally

block traffic for other applications. It is a good idea to turn on the log for this rule so that you can

check in the log for anything that is filtered inappropriately.

Next configure the ALLOW rules. In the example on the right, two rules are used to cover the three

IP addresses.

See also other documents in the category D-Link Hardware: