Cradlepoint MBR1200 Product Manual page 51

MBR1200 | USER MANUAL Firmware ver. 1.6.12
CRADLEPOINT
Inbound Filter Rules List
5.5.2
This section lists the current Inbound Filter rules. Click the Enable
check box at the left to directly activate or de-activate the entry. An
entry can be changed by clicking the Edit icon or can be deleted by
clicking the Delete Inbound Filters Rule List section icon. When you
click the Edit icon, the item is highlighted, and the Inbound Filter Rules section is activated for editing.
After you‟ve completed all modifications or deletions, you must click the Save Settings button at the top of the page to save your changes. The
router must reboot before new settings will take effect. You will be prompted to Reboot the Device or Continue. If you need to make additional
settings changes, click Continue. If you are finished with all configuration settings, click the Reboot the Device button.
5.5.3 Configuring an Inbound Filter Rule
When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a connection that originated from inside the
router or which corresponds to a Virtual Server, Gaming, or Special Application Rule is ALLOWED by default. When rules are configured, the
router compares incoming data packets against the rules in the list. It is very important to understand that the router examines each rule one by
one in the order that they are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped) or ALLOWED. Once a match
has been made, no further rules will be examined for that packet. If no rules match the data packet, it is ALLOWED. This means that to allow only
a specific subset of traffic usually requires more than one rule to be entered.
Example: You have configured a game server, using the
would like to limit the access to your network and server to specific times of the day and only to your friends.
Next you would define a schedule on the
between 7 PM and 11 PM. This example will assume all of your friends use the same service provider and have IP addresses 67.150.220.117,
67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one of these addresses individually or you may
just decide that using an IP range that covers all of them is sufficient for your needs.
The first rule is to configure a
want to have access to your network. It is important to enter the
be checked first. Notice that it covers all
defined in the Game Rule List.
log for this rule so that you can check in the log for anything that is filtered inappropriately. Next configure the
© 2010 CRADLEPOINT, INC.
Advanced → Gaming
Tools → Schedule
DENY rule that will catch all of the traffic that arrives on these ports but does not match data from the sources you
Source IP Address,
This is because you do not want to accidentally block traffic for other applications. It is a good idea to turn on the
PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
sub-menu, to play HALO: Combat Evolved with some friends. You
sub-menu, called Game time, which specifies a schedule of Friday and Saturday
DENY rule first since all subsequent rules will be added higher in the list and will
Source Ports, and Times (Always), but is specifically tied to the Public Ports
FOR MORE HELP AND RESOURCES
ALLOW rules.
PAGE 49