Chapter 5. Securing The Private Network; Firewall Rules - D-Link DSR-150 User Manual

Chapter 5. Securing the Private
Yo u can s ecu re y ou r n etwo rk b y creat in g an d ap p ly in g ru les t h at y o u r ro u t er u s es t o
s elect iv ely b lo ck an d allo w in b o u n d an d o u t b o u n d In t ern et t raffic. Yo u t h en s p ecify
h o w an d t o wh o m t h e ru les ap p ly . To d o s o , y o u mu s t d efin e t h e fo llo win g :

Serv ices o r t raffic t y p es (examp le s : web b ro ws in g , Vo IP, o t h er s t an d ard s erv ices
an d als o cu s t o m s erv ices t h at y o u d efin e)

Direct io n fo r t h e t raffic b y s p ecifyin g t h e s ource an d d es t in at io n o f t raffic ; t h is is
d o n e b y s p ecify in g t h e "Fro m Zo n e" (LA N/ W A N/ DM Z) an d "To Zo n e"
(LA N/ W A N/ DM Z)

Sch ed u les as t o wh en t h e ro u t er s h o u ld ap p ly ru les

A n y Key wo rd s (in a d o main n ame o r o n a URL o f a web p ag e) t h at t h e ro u t er
s h o u ld allo w o r b lo ck

Ru les fo r allo win g o r b lo ckin g in b o un d an d o u tb oun d In t ern et t raffic fo r s p ecified
s erv ices o n s p ecified s ch ed u les

M A C ad d res s es o f d ev ices t h at s h o u ld n o t acces s t h e in t ern et

Po rt t rig g ers t h at s ign al t h e ro u ter t o allo w o r b lo ck acces s t o sp ecified s erv ices as
d efin ed b y p o rt n u mb er

Rep o rt s an d alert s t h at y o u wan t t h e ro u t er t o s en d t o y o u
Yo u can , fo r examp le, es t ab lis h res t rict ed -acces s p o licies b as ed o n t ime -o f-d ay , web
ad d res ses, an d web ad d ress key wo rd s . Yo u can b lo ck In t ern et acces s b y ap p licat io n s
an d s erv ices o n t h e LA N, s u ch as ch at ro o ms o r g ames . Yo u can b lo ck ju s t cert ain
g ro u p s o f PCs o n y o u r n et wo rk fro m b ein g acces s ed b y t h e W A N o r p u b lic DM Z
n et wo rk.

5.1 Firewall Rules

Advanced > Firewall Settings > Firewall Rules
In b o u n d (W A N t o LA N/ DM Z) ru les rest rict acces s t o t raffic en t erin g y o u r n et wo rk,
s elect iv ely allo win g o n ly s pecific o u t side u sers t o access s p ecific lo cal res o u rces . By
d efau lt all acces s fro m t h e in s ecure W AN s id e are b lo cked fro m acces sin g t h e s ecu re
LA N, excep t in res p o nse t o req uest s fro m t h e LA N o r DM Z. To allo w o u t s id e d ev ices
t o acces s s erv ices o n t h e s ecu re LA N, y o u mu s t creat e a n in b o u n d firewall ru le fo r
each s erv ice.
If y o u wan t t o allo w in co min g t raffic, y o u mu s t make t h e ro u t er's W A N p o rt IP
ad d res s kn o wn t o t h e p u blic. Th is is called "exp o sin g y o ur h o st." Ho w y o u make y o u r
ad d res s kn o wn d ep en d s o n h o w t h e W A N p o rt s are co n fig u red ; fo r t h is ro u t er y o u
Network