X8821r User’s Manual Version 1.0
51 / 101
public
interface typically connects to the Internet. PPP,
EoA, and IPoA interfaces are typically public. Packets
received on a public interface are subject to the most
restrictive set of firewall protections defined in the software.
Typically, the global setting for public interfaces is Deny, so
that all accesses to your LAN initiated from external
computers are denied. A
private
interface connects to your
LAN, such as the Ethernet interface. Packets received on a
private interface are subject to a less restrictive set of
protections, because they originate within the network.
Typically, the global setting for private interfaces is Accept,
so that LAN computers have access to the ADSL/Ethernet
routers' Internet connection. The term
DMZ
(de-militarized
zone), in Internet networking terms, refers to computers
that are available for both public and in-network accesses
(such as a company's public Web server). Packets
received on a DMZ interface -- whether from a LAN or
external source -- are subject to a set of protections that is
in between public and private interfaces in terms of
restrictiveness. The global setting for DMZ-type interfaces
may be set to Deny so that all attempts to access these
servers are denied by default; the administrator may then
configure IP Filter rules to allow accesses of certain types.
9.5 Bridge
Filter
Click on the
Bridge Filter
link to view the bridge filter
configuration table. Bridge filter rules can be created to control
the forwarding of incoming and outgoing data between your
LAN and the Internet and within your LAN. Bridge filter rules
make decisions based on the structure of the "layer 2" data
packets (e.g., Ethernet packets) received on the device
interfaces, unlike IP filter rules, which are based on the
structure of "layer 3" (e.g., IP) packets.
When the bridge filtering feature is enabled, the bridge/router
examines each incoming layer 2 packet and compares it to the
bridge filter rules. The bridge filter rules specify which bits of the
packet are to be examined, and what criteria those bits must
meet in order to qualify as a match for the rule.
X8821r User’s Manual Version 1.0
52 / 101
When a packet matches a rule, it can either be accepted
(forwarded towards its destination), or denied (discarded),
depending on the action specified in the rule.
Bridge Filter
: Click on the
Enable
or
Disable
radio button
to activate/deactivate the service. Although each rule is
independently enabled and disabled, no rules will be
effective unless the Enable radio button is selected here.
Default Action:
Select
Accept
or
Deny
from the
drop-donw list. By accepting or denying this action will
affect all packets on all interfaces.
Click on the
Submit
button when completed and make sure
to
Commit & Reboot
.
Click on the
Add
button to add a bridge filter rule.
Rule ID:
Each rule must be assigned an ID number. Rules
are processed from lowest to highest on each data packet,
until a match is found. Rule numbers up to 99 are reserved
for preconfigured system rules.
Rule IDs must start at
1000 or above so that they do not interfere with
system-defined rules.
It is also recommended that you
