Using Rules to Block or Allow Specific Kinds of Traffic
Firewall rules are used to block or allow specific traffic passing through from one side of the wireless firewall/print server to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine what outside resources local users can have access to.

A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the FWG114P are:

1. Inbound: Block all access from outside except responses to requests from the LAN side.

2. Outbound: Allow all access from the LAN side to the outside.

These default rules are shown in the Rules table of the Rules menu in Figure 6-2:

   

You can define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You can also choose to log traffic that matches or does not match the rule you have defined.

To create a new rule, click the Add button.

To edit an existing rule, select its button on the left side of the table and click Edit.

To delete an existing rule, select its button on the left side of the table and click Delete.

To move an existing rule to a different position in the table, select its button on the left side of the table and click Move. At the script prompt, enter the number of the desired new position and click OK.

An example of the menu for defining or editing a rule is shown in Figure 6-3. The parameters are:

1. Service. From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Services menu to add any additional services or applications that do not already appear.

2. Action. Choose how you would like this type of traffic to be handled. You can block or allow always, or you can choose to block or allow according to the schedule you have defined in the Schedule menu.

3. Source Address. Specify traffic originating on the LAN (outbound) or the WAN (inbound), and choose whether you would like the traffic to be restricted by source IP address. You can select Any, a Single address, or a Range. If you select a range of addresses, enter the range in the Start and Finish boxes. If you select a single address, enter it in the Start box.

4. Destination Address. The destination address is assumed to be on the opposite side (LAN or WAN) from the source address. As with the source address, you can select Any, a Single address, or a Range unless NAT is enabled and the destination is the LAN. In that case, you must enter a single LAN address in the Start box.

5. Log. You can select whether the traffic will be logged. The choices are:

(1) Never - no log entries will be made for this service.

(2) Match - traffic of this type which matches the parameters and action will be logged.
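
The following is an added example, not taken from the NETGEAR manual or firmware: a small Python model of a rules table with the parameters above, showing why a rule's position (the Move button) can change the outcome. It assumes rules are checked top-down and the first match decides, models only new connections (not responses to LAN requests), leaves out schedules, and uses hypothetical names and constructed placeholder addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Tuple

Range = Optional[Tuple[str, str]]  # None = "any"; a single address is (a, a)

@dataclass
class Rule:
    direction: str        # "inbound" (WAN to LAN) or "outbound" (LAN to WAN)
    service: str          # service name from the list, e.g. "HTTP"
    action: str           # "allow" or "block" (schedule variants omitted)
    src: Range = None     # source address: any, single, or start-finish range
    dst: Range = None     # destination address, on the opposite side
    log: str = "never"    # "never" or "match"

# The two default rules described above.
DEFAULT_ACTION = {"inbound": "block", "outbound": "allow"}

def in_range(addr: str, rng: Range) -> bool:
    if rng is None:
        return True
    start, finish = ip_address(rng[0]), ip_address(rng[1])
    return start <= ip_address(addr) <= finish

def evaluate(rules, direction, service, src, dst):
    """Return (action, table position or None for default, logged)."""
    # Assumption: rules are checked top-down and the first match decides.
    for pos, r in enumerate(rules, start=1):
        if (r.direction == direction and r.service == service
                and in_range(src, r.src) and in_range(dst, r.dst)):
            return r.action, pos, r.log == "match"
    return DEFAULT_ACTION[direction], None, False

# Constructed sample table (addresses are placeholders).
web = Rule("inbound", "HTTP", "allow",
           dst=("192.168.0.10", "192.168.0.10"), log="match")
ftp_block = Rule("outbound", "FTP", "block",
                 src=("192.168.0.100", "192.168.0.199"))
ftp_allow = Rule("outbound", "FTP", "allow",
                 src=("192.168.0.150", "192.168.0.150"))
TABLE = [web, ftp_block, ftp_allow]
MOVED = [web, ftp_allow, ftp_block]   # ftp_allow moved up to position 2

if __name__ == "__main__":
    flow = ("outbound", "FTP", "192.168.0.150", "198.51.100.7")
    print(evaluate(TABLE, *flow))   # narrow allow is shadowed by the range block
    print(evaluate(MOVED, *flow))   # after the move, the exception takes effect
```

Under the first-match assumption, a narrow exception placed below a broader rule for the same service never takes effect, so reviewing the order of the table matters as much as reviewing the individual rules.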

   