Firewall configuration

Templates

The gateway offers an extensive collection of firewall rule templates which could be used to easily and quickly setup filtering or port forwarding for particular application or service. You could extend or manipulate this collection on the "Advanced" -> "Templates" page.

The templates are used both for IP filters and port forwarding, but slightly differently. For IP filters "destination ports start" parameter is not used, and "source ports start and source ports end" specify ports on the destination which should be blocked. For port forwarding rules "source ports start" and "source ports end" parameters specify which ports on the gateway will forward connections to the LAN host, and "destination ports start" specify destination port range start on the LAN (destination) host.

IP filters

This firewall feature allows you to block network access based on a users computer IP address. You can use this page to block specific traffic (for example block web access) or any traffic from a computer on your local network. To add an IP filter rule select the computer IP address and template and click "Add". You can also add/edit/delete IP filter rules without using templates.

Blocking outgoing ping generated from a particular LAN IP can be used if your PC has a virus that attempts a Ping-of-Death Denial of Service attack.

Port forwarding

Using the Port Forwarding page, you can provide local services (for example web hosting) for people on the Internet or play Internet games. To configure a service, game or other application, select the external connection (for example the Internet connection), select the computer hosting the service and add the corresponding firewall rule. You can also add/edit/delete rules without using the templates. In the presence of the firewall, anonymous Internet traffic is blocked.

You could also setup the gateway to forward any incoming traffic to some host on the LAN. This could be done on the corresponding connection page by entering LAN host IP address in the "DMZ host IP address" field.