Packet Filter enables you to control what packets are allowed to pass the router. Outbound filter applies on all outbound packets. However, Inbound filter applies on packets that destined to Virtual Servers or DMZ host only. You can select one of the two filtering policies:

  1. Allow all to pass except those match the specified rules
  2. Deny all to pass except those match the specified rules
You can specify 8 rules for each directions: inbound or outbound. For each rule, you can define the following:
  • Source IP address
  • Destination IP address
  • Destination port address
  • Protocol: TCP or UDP or both.
For source or destination IP address, you can define a single IP address (4.3.2.1) or a range of IP addresses (4.3.2.1-4.3.2.254). An empty implies all IP addresses.

For destination port, you can define a single port (80) or a range of ports (1000-1999). Add prefix "T" or "U" to specify TCP or UDP protocol. For example, T80, U53, U2000-2999. No prefix indicates both TCP and UDP are defined. An empty implies all port addresses.

Each rule can be enabled or disabled individually.

Schedule Rule#

Choose the schedule when you want to make this service take effect, and select the ID you want to use with the schedule rule. Then click "Copy to" botton to copy it into the "Schedule Rule#" box to use the schedule. When choosing rule 0 for always, it is the same as not using schedule.

Schedule example

Assume that there is a rule setting in Rule 1 which is Everyday 8:30~17:30. Outbound Packet Filter setting is as below: Assume that there is a rule setting in Rule 1 which is Everyday 17:30~24:00, and there is a FTP server which IP is 192.168.123.5 and listening port 21. The Virtual Server's setting is as below:

ID Service Ports Server IP Enable Use Rule#
1

Item Setting
Out/InboundPacket Filter Enable
Allow all to pass except those match the following rules.
Deny all to pass except those match the following rules.
ID Source IP Destination IP : Ports Enable Use rule#
1 :


Description:

It means the LAN users can't play the ICQ at 8:30~17:30 everyday. You can use "netstat -na" in the DOS Command mode to see which port you are connecting and block it via the outbound filter. It means the WAN users can't access this FTP server only at 17:30~24:00 everyday. If the time exceeds this range, the WAN users can access the LAN FTP server.