IP Filter

Topics on this page: Viewing Your IP Filter Config | Configuring Global Settings | Modifying IP Filter Rules

The IP filter feature enables you to create rules that control the forwarding of incoming and outgoing data between your LAN and the Internet and within your LAN. 

You can create IP filter rules to block attempts by certain computers on your LAN to access certain types of data or Internet locations. You can also block incoming access to computers on your LAN.

When you define an IP filter rule and enable the feature, you instruct the Voyager 205 to examine data packets to determine whether they meet criteria set forth in the rule. The criteria can include the network or internet protocol the packet carries, the direction in which it is travelling (for example, from the LAN to the Internet or vice versa), the IP address of the sending computer, the destination IP address, and other characteristics of the packet data.

If the packet matches the criteria established in a rule, the packet can either be accepted (forwarded towards its destination), or denied (discarded), depending on the action specified in the rule.


Viewing Your IP Filter Configuration

If the IP Filter Configuration page is not already displaying, click the Security menu, and then click IP Filter in the task bar.

Click Custom to display all currently established rules. See Modifying IP Filter Rules for a description of the items that make up a rule. When rules are defined, you can use the icons that display in the Actions column to edit, delete, and view details on the corresponding rule.


Configuring IP Filter Global Settings

The IP Filter Configuration page enables you to configure the following IP filter global settings.

  • Security Level: This setting determines which IP Filter rules take effect, based on the security level specified in each rule. For example, when High is selected, only those rules that are assigned a security value of High will be in effect. The same is true for the Medium settings. When Off is selected, IP Filtering is disabled.
  • Custom: This setting specifies a default action to be taken (Accept or Deny) on private, public, or DMZ-type device interfaces when they receive packets that do not match any of the filtering rules. You can specify a different default action for each interface type. (You specify an interface's type when you create the interface; see the PPP configuration page, for example.)
    • A public interface typically connects to the Internet. PPP, EoA, and IPoA interfaces are typically public. Packets received on a public interface are subject to the most restrictive set of firewall protections defined in the software. Typically, the global setting for public interfaces is Deny, so that all accesses to your LAN initiated from external computers are denied (discarded at the public interface), except for those allowed by a specific IP Filter rule.
    • A private interface connects to your LAN, such as the Ethernet interface. Packets received on a private interface are subject to a less restrictive set of protections, because they originate within the network. Typically, the global setting for private interfaces is Accept, so that LAN computers have access to the ADSL/Ethernet routers' Internet connection.
    • The term DMZ (de-militarized zone), in Internet networking terms, refers to computers that are available for both public and in-network accesses (such as a company's public Web server). Packets received on a DMZ interface -- whether from a LAN or external source -- are subject to a set of protections that is in between public and private interfaces in terms of restrictiveness. The global setting for DMZ-type interfaces may be set to Deny so that all attempts to access these servers are denied by default; the administrator may then configure IP Filter rules to allow accesses of certain types.

Modifying IP Filter Rules

To modify an IP filter rule, you can enable or disable the status and log options. Use these instructions to add a new IP filter rule.

  1. On the main IP Filter page, click Custom to display the IP Filter Rule.
  2. Click edit, then enable or disable the Status and Log Options.
  3. Click Apply to set the changes you have made.

When you click Custom, the following settings are shown.

  • Rule ID: Each rule must be assigned an ID number. Rules are processed from lowest to highest on each data packet, until a match is found.
  • I/F: The interface on the device on which the rule will take effect.
  • Apply Stateful Inspection: When this option is enabled, packets are monitored for their state (i.e., whether a packet is the initiating packet or a subsequent packet in an ongoing communication, etc). This option provides a degree of security by blocking/dropping packets that are not received in the anticipated state. Such packets can signify an unwelcome attempt to gain access to a network.
  • Direction: Specifies whether the rule should apply to data packets that are incoming or outgoing on the selected interface. Incoming refers to packets coming in to the LAN on the interface, and Outgoing refers to packets going out from the LAN. You can use rules that specify the incoming direction to restrict external computers from accessing your LAN.
  • Rule Action: Specifies what the rule will do to a packet when the packet matches the rule criteria. The action can be Accept (forward to destination) or Deny (discard the packet).
  • In I/F: The interface from which packets must have been forwarded to the interface specified in the previous selection. This option is valid only on rules defined for the outgoing direction. 
  • Log Option: When Enabled is selected, a log entry will be created on the system each time this rule is invoked. The log entry will include the time of the violation, the source address of the computer responsible for the violation, the destination IP address, the protocol being used, the source and destination ports, and the number of violations occurring in the previous x minutes. (Logging may be helpful when troubleshooting.) This information can also be e-mailed to designated administrators. See Intrusion Protection for instructions.
  • Rule Description: Displays protocol and port settings for the rule.
  • Operational Status: If the security level of the rule matches the globally configured setting, a green ball displays in the Status column for that rule, indicating that the rule is now in effect. A red ball will display when the rule is disabled or if its security level is different than the globally configured level.
  • Actions: Edit opens the Modify box. The Rule ID is shown and you can enable the status and log option settings. Click Apply to confirm the changes.

NOTE: If you want your changes to be permanent, be sure to Save them.
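
The following is an added example, not code from the Voyager 205 or its documentation. It models how the settings described above interact: a rule is in effect only when it is enabled and its security level equals the global Security Level, rules are tried from lowest to highest Rule ID until one matches, and the per-interface-type default action applies when none does. The interface names, field names, and the treatment of Off as "forward everything" are assumptions; stateful inspection is not modeled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    rule_id: int
    iface: str            # I/F the rule is bound to
    direction: str        # "incoming" or "outgoing"
    action: str           # "Accept" or "Deny"
    level: str            # per-rule security level, e.g. "High" or "Medium"
    enabled: bool = True  # Status option
    proto: Optional[str] = None   # None matches any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

def rule_in_effect(rule, global_level):
    # "Green ball": enabled and its level equals the global Security Level.
    return rule.enabled and rule.level == global_level

def matches(rule, pkt):
    return (rule.iface == pkt["iface"] and rule.direction == pkt["direction"]
            and rule.proto in (None, pkt["proto"])
            and ip_address(pkt["src"]) in ip_network(rule.src)
            and ip_address(pkt["dst"]) in ip_network(rule.dst)
            and rule.dport in (None, pkt["dport"]))

def evaluate(rules, pkt, global_level, iface_type, defaults):
    """Return (action, rule_id); rule_id is None when a default applied."""
    if global_level == "Off":   # assumption: filtering disabled means forward
        return "Accept", None
    for rule in sorted(rules, key=lambda r: r.rule_id):   # lowest ID first
        if rule_in_effect(rule, global_level) and matches(rule, pkt):
            return rule.action, rule.rule_id              # first match wins
    return defaults[iface_type[pkt["iface"]]], None

# Constructed sample configuration (not taken from a real device).
IFACE_TYPE = {"ppp-0": "public", "eth-0": "private"}
DEFAULTS = {"public": "Deny", "private": "Accept", "dmz": "Deny"}
RULES = [
    Rule(20, "ppp-0", "incoming", "Accept", "Medium", proto="tcp", dport=80),
    Rule(10, "ppp-0", "incoming", "Deny", "Medium", proto="tcp",
         src="203.0.113.0/24"),
    Rule(30, "ppp-0", "incoming", "Accept", "High", proto="tcp", dport=22),
]
WEB = {"iface": "ppp-0", "direction": "incoming", "proto": "tcp",
       "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80}
```

Switching the global level from Medium to High takes rules 10 and 20 out of effect, so the same web request falls through to the public-interface default and is denied; auditing a rule set therefore means checking each rule's level as well as its ID order.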