IP filter rules (exceptions for filtering the IP packets) are already added in default settings. Further filter rules can be added by the wizards automatically.
It is recommended to check these already existing filter rules for utmost security. If existing filter rules are not necessary, these should be deactivated. If existing filter rules are not necessary in their full extent, these should be restricted. If only IPv4 or IPv6 is used, all existing filter rules are to be limited to the IP version used - this blocks IP traffic for the IP version that is not used.
Deactivate or delete filter rules
- In the Network → Firewall / NAT menu, click on the edit icon in the line of the desired filter rule to modify it.
- If this filter rule is temporarily not required, uncheck the checkbox active.
- If this filter rule is permanently not required, click on the delete icon.
- Click on SUBMIT.
- Click on ACTIVATE PROFILE.
Restrict filter rules
- In the Network → Firewall / NAT menu, click on the edit icon in the line of the desired filter rule to modify it.
- Select the IP version if the rule shall only permit IP packets of a certain version.
- Under Input interface, check only the interface over which the packet is allowed to reach the router.
- Under Output interface, check only the interface over which the packet is allowed to leave the router.
- If the filter rule is supposed to permit only IP packets from a certain IP address and/or a certain port, enter these under Source IP address or Source port.
- If the filter rule is supposed to permit only IP packets to a certain IP address and/or a certain port, enter these under Destination IP address or Destination port.
- Click on SUBMIT.
- Click on ACTIVATE PROFILE.
Many applications assign the source port dynamically; in that case, the source port cannot be restricted to a certain port, or only to a port range.
The existing filter rule for HTTPS access to the web interface has been limited to IPv4 and the source address 192.168.1.7 in the following example.
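The sketch below is an added illustration, not taken from the manual or the router's software. It models the effect of restricting the HTTPS rule to IPv4 and the source address 192.168.1.7, and lists which fields of a rule are still open. The field names, the interface name used in testing and the default-deny evaluation are assumptions chosen to mirror the web form.

```python
# Added illustration: a simplified model of permit rules, not the router's own rule format.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:                                # hypothetical field names mirroring the web form
    description: str
    active: bool = True
    ip_version: Optional[int] = None       # None = IPv4 and IPv6
    input_interface: Optional[str] = None  # None = any interface
    source: Optional[str] = None           # address or network, None = any
    source_port: Optional[int] = None      # usually left open: assigned dynamically
    destination_port: Optional[int] = None

@dataclass
class Packet:
    source: str
    input_interface: str
    source_port: int
    destination_port: int

def matches(rule, pkt):
    """True if the rule (an exception to the filter) permits the packet."""
    src = ip_address(pkt.source)
    net = ip_network(rule.source, strict=False) if rule.source else None
    return (rule.active
            and rule.ip_version in (None, src.version)
            and rule.input_interface in (None, pkt.input_interface)
            and (net is None or (net.version == src.version and src in net))
            and rule.source_port in (None, pkt.source_port)
            and rule.destination_port in (None, pkt.destination_port))

def permitted(rules, pkt):
    # Assumption: packets are dropped unless an active rule matches.
    return any(matches(r, pkt) for r in rules)

def unrestricted_fields(rule):
    """Audit helper: fields of an active rule that are still left open."""
    fields = ("ip_version", "input_interface", "source", "destination_port")
    return [f for f in fields if rule.active and getattr(rule, f) is None]

# Constructed sample rules: HTTPS access to the web interface, before and after restricting.
before = Rule("HTTPS web interface", destination_port=443)
after = Rule("HTTPS web interface", ip_version=4, source="192.168.1.7",
             destination_port=443)
```

`unrestricted_fields(after)` still reports the input interface, which corresponds to the Input interface step in the procedure above.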