102
5.4 Access Control List
5.4.1 IP Filter Setup
Allows to create deny or allow rules to filter ingress or egress packets from specific source and/or to destination IP
address on wired (LAN) or Wireless (WAN) ports. Filter rules could be used to filter unicast or multicast packets on
different protocols as shown in the IP Filter Setup. Important to note that IP filter rules has precedence over Virtual server
rules.
Please click on
Advance -> IP Filter Setup
and follow the below setting.
Source Address/Mask :
Enter desired source IP address and netmask; i.e. 192.168.2.10/32.
Source Port :
Enter a port or a range of ports as
start:end
; i.e. port 20:80
Destination Address/Mask :
Enter desired destination IP address and netmask; i.e. 192.168.1.10/32
Destination Port :
Enter a port or a range of ports as
start:end
; i.e. port 20:80
In/Out :
Applies to
Ingress or egress packets
Protocol :
Supports
TCP
,
UDP
or
ICMP
.
Listen :
Click
Yes
radial button to match TCP packets only with the SYN flag.
Active :
Deny
to drop and
Pass
to allow per filter rules
Interface :
The interface that a filter rule applies
All packets are allowed by default. Deny rules could be added to the filter list to filter out unwanted packets and
leave remaining allowed.
Click “
Save
” button to add IP filter rule. Total of
20
rules maximum allowed in the IP Filter List. All rules can be edited or
removed from the List. Click
Reboot
button to activate your changes.
When you create rules in the IP Filter List, the prior rules maintain higher priority. To allow limited access from a subnet to
a destination network manager needs to create allow rules first and followed by deny rules. So, if you just want one IP
address to access the system via telnet from your subnet, not others, the Example 1 demonstrates it, not rules in the
Example 2.