X8824r User’s Manual Version 1.0
49 / 102
9.3 Firewall
Click on the Firewall link to view the Firewall Configuration table. The Firewall adds security to your network by protecting it from Internet intruders.
Blacklist Status: Select Enable if you would like the device to maintain a blacklist.
Blacklist Period (min): Specifies the number of minutes that a computer's IP address will remain on the blacklist (i.e., all traffic originating from that computer will be blocked from passing through any interface on the ADSL/Ethernet router).
Attack Protection: Select the Enable radio button to use the built-in firewall protections that prevent the following common types of attacks:
  IP Spoofing - sending packets over the WAN interface using an internal LAN IP address as the source address.
  Tear Drop - sending packets that contain overlapping fragments.
  Smurf and Fraggle - sending packets that use the WAN or LAN IP broadcast address as the source address.
  Land Attack - sending packets that use the same address as the source and destination address.
  Ping of Death - illegal IP packet length.
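
The attack definitions above, expressed as per-packet checks in Python. This is an added example, not the X8824r's own firewall logic; the LAN subnet, broadcast addresses, the Pkt fields and classify() are assumptions made for illustration, and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumption): LAN 192.168.1.0/24, WAN broadcast from a documentation range.
LAN = ipaddress.ip_network("192.168.1.0/24")
BROADCASTS = {ipaddress.ip_address("192.168.1.255"), ipaddress.ip_address("203.0.113.255")}
MAX_IP_LEN = 65535  # largest legal IPv4 datagram, header included

@dataclass
class Pkt:
    iface: str             # "wan" or "lan": interface the packet arrived on
    src: str
    dst: str
    frag_offset: int = 0   # byte offset of this fragment's data in the datagram
    data_len: int = 0      # bytes of data carried after the IP header
    ip_id: int = 0         # IP identification field, shared by fragments of one datagram
    mf: bool = False       # "more fragments" flag
    header_len: int = 20

def classify(pkt, seen_frags):
    """Return the attack names from the list above that this packet matches.
    seen_frags maps (src, dst, ip_id) to the (start, end) byte ranges already received."""
    hits = []
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.iface == "wan" and src in LAN:      # internal source address arriving from outside
        hits.append("IP Spoofing")
    if src in BROADCASTS:                      # broadcast address used as the source
        hits.append("Smurf and Fraggle")
    if src == dst:                             # same source and destination address
        hits.append("Land Attack")
    start, end = pkt.frag_offset, pkt.frag_offset + pkt.data_len
    if pkt.header_len + end > MAX_IP_LEN:      # reassembled datagram would exceed the legal length
        hits.append("Ping of Death")
    if pkt.mf or pkt.frag_offset > 0:          # only fragments take part in the overlap check
        ranges = seen_frags.setdefault((pkt.src, pkt.dst, pkt.ip_id), [])
        if any(start < e and s < end for s, e in ranges):
            hits.append("Tear Drop")
        ranges.append((start, end))
    return hits

def run_samples():
    """Classify a few constructed packets and return the results in order."""
    seen = {}
    samples = [
        Pkt("wan", "192.168.1.50", "192.168.1.1"),
        Pkt("wan", "198.51.100.7", "192.168.1.10", frag_offset=0, data_len=36, ip_id=9, mf=True),
        Pkt("wan", "198.51.100.7", "192.168.1.10", frag_offset=24, data_len=4, ip_id=9),
    ]
    return [classify(p, seen) for p in samples]
```
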
DOS Protection: Click on the Enable button to use the following Denial of Service protection: SYN DoS, ICMP DoS, Per-host DoS protection.
Max Half open TCP Connection: Enter the percentage of concurrent IP sessions that can be in the half-open state. In ordinary TCP communication, packets are in the half-open state only briefly as a connection is being initiated; the state changes to active when packets are being exchanged, or closed when the exchange is complete. TCP connections in the half-open state can use up the available IP sessions. If the percentage is exceeded, then the half-open sessions will be closed and replaced with new sessions as they are initiated.
MAX ICMP Connection: Sets the percentage of concurrent IP sessions that can be used for ICMP messages. If the percentage is exceeded, then older ICMP IP sessions will be replaced by new sessions as they are initiated.
Max Single Host Connection: Sets the percentage of concurrent IP sessions that can originate from a single computer. This percentage should take into account the number of hosts on the LAN.
Log Destination: Select how attempted violations of the firewall settings will be tracked. Records of such events can be sent via Ethernet to be handled by a system utility (Trace) or can be e-mailed to specified administrators.
Email ID of Admin: Enter the e-mail addresses of the administrators who should receive notices of any attempted firewall violations.
Click on the Submit button when completed and make sure to Commit & Reboot.