access rules look specifically at a data transmission's source ip address, destination ip address, and ip protocol type, and you can apply each access rule according to a different schedule.
with the use of custom rules, it is possible to disable all firewall protection or block all access to the internet, so use extreme caution when creating or deleting access rules.
the router has the following default rules:
1 all traffic from the lan to the wan is allowed.
2 all traffic from the wan to the lan is denied.
3 all traffic from the lan to the dmz is allowed.
4 all traffic from the dmz to the lan is denied.
5 all traffic from the wan to the dmz is allowed.
6 all traffic from the dmz to the wan is allowed.
custom rules can be created to override the above default rules, but there are four additional default rules that will be always active and cannot be overridden by any custom rules.
1 http service from the lan to the router is always allowed.
2 dhcp service from the lan is always allowed.
3 dns service from the lan is always allowed.
4 ping service from the lan to the router is always allowed.
except for the default rules, all configured access rules are listed in the access rules table, and you can set the priority for each custom rule. the access rules table lists the following information for each access rule: priority, enable status, action, service, source interface, source, destination, time, and day. click the edit button to edit an access rule, and click the trash can icon to delete an access rule. if the access rules table has multiple pages, select a different page to view from the jump to drop-down menu. if you want more or fewer entries listed per page, select a different number from the entries per page drop-down menu.
click the save settings button to save your changes, or click the cancel changes button to undo your changes.
click add new rule button to add new access rules, and the add a new access rule screen will appear. click the restore to default rules button to restore the default rules and delete the custom access rules.
add a new rule
services. if you need help to set up the access rules, click the wizard button. for more details, see the wizard tab section. otherwise, follow these instructions:
1. for the action setting, select allow or deny from the pull-down menu, depending on the purpose of the access rule.
2. select the service you want from the service pull-down menu. if the service you need is not listed in the menu, click the service management button to add the new service. a new screen will appear. enter a name in the service name field. from the protocol drop-down menu, select the protocol it uses. enter its range in the port range fields. click the add to list button. then, click the save setting button to save your changes.
click the cancel changes button to cancel your changes. click the exit button to return to the add a new access rule screen.
if you want to modify a service you have created, select it and click the update this service button. then, click the save setting button to save your changes. click the exit button to return to the add a new access rule screen.
if you want to delete a service you have created, select it and click the delete selected service button. then, click the save setting button to save your changes. click the exit button to return to the add a new access rule screen.
if you want to add another service, click the add new button. enter a name in the service name field. from the protocol drop-down menu, select the protocol it uses. enter its range in the port range fields. click the add to list button. then, click the save setting button to save your changes. click the cancel changes button to cancel your changes. click the exit button to return to the add a new access rule screen.
3. for this service, you can decide whether or not you want the router to keep a log tracking this type of activity.
to keep a log, select log packets matching this access rule. if you don’t want a log, select do not log packets matching this access rule.
4. select the appropriate source interface (lan, dmz, any, wan1, wan2...) from the pull-down menu. (the wan ports available depend on the number of wan ports set on the network or port management screen.)
5. select the source ip address(es) for this access rule. if it can be any ip address, select any. if it is one ip address, select single and enter the ip address in the source ip fields. if it is a range of ip addresses, select range, and enter the ip addresses in the source ip fields.
6. select the destination ip address(es) for this access rule. if it can be any ip address, select any. if it is one ip address, select single and enter the ip address in the destination ip fields. if it is a range of ip addresses, select range, and enter the ip addresses in the destination ip fields.
7. decide when you want this access rule to be enforced, and enter the hours and minutes in 24-hour format.
the default condition for any new rule is to always enforce it.
decide which days of the week you want the access rule to be enforced, and select the appropriate days.
click the save settings button to save your changes, or click the cancel changes button to undo your changes.
click the back button to return to the access rules screen.