User guide

Chapter 6 – RouteFinder Software
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 109
Packet Filters > Packet Filter Rules
System Defined Rules
These rules define a set of common application services that are allowed outbound access through the
RouteFinder's WAN interface. The software defines a default Service Group called default_outbound.
Services under default_outbound are FTP, TELNET, SMTP, DNS, HTTP, POP3, IMAP, and HTTPS.
Add User Defined Packet Filter Rules
Packet filter rules are created by choosing from four drop-down lists. All services, networks, and groups
previously created in Definitions are available for selection. Click Add to create the appropriate rule; it
then displays at the bottom of the table. The new rule automatically receives the next available number
in the table. The overall effectiveness of the rule is decided by its position in the table. You can move
the new rule within the table with the Move function in the Command column.
Important:
The order of the rules in the table is essential for the correct functioning of the firewall. By clicking the
Move button, the order of execution can be changed. In front of the rule to be moved, enter the line number
that indicates where the rule should be placed. Confirm by clicking OK.
By default, new rules are created at the end of the table.
From – Select the network from which the information packet must be sent for the rule to match.
You can also select network groups. The Any option can also be given which matches all IP
addresses, regardless of whether they are officially assigned addresses or so-called private
addresses. These Network clients or groups must be pre-defined in the Networks menu. Example:
Any, LAN, WANLINK1. The options change if Load Balancing is enabled.
Service – Select the service that is to be matched with the rule. These services are pre-defined in
the Services menu. With the help of these services, the information traffic to be filtered can be
precisely defined. The default entry Any selects all combinations of protocols and parameters (e.g.,
ports). Example: SMTP, ANY.
To – Select the network to which the data packets are sent for the rule to match. Network groups
can also be selected. These network clients or groups must be pre-defined in the Networks menu.
Action – Select the action that is to be performed in the case of a successful matching (applicable
filter rule). There are three types of actions:
Accept: Allows/accepts all packets that match this rule.
Reject: Blocks all packets that match this rule. The host sending the packet will be informed
that the packet has been rejected.
Drop: Drops all packets that match this rule, but the host is not informed. Use Drop for filter
violations that constantly take place, are not security relevant, and only flood the LiveLog with
meaningless messages (e.g., NETBIOS-Broadcasts from Windows computers).
To drop packets with the target address Broadcast IP, define the appropriate broadcast
address in the form of a new network in the Networks menu (defining new networks is
explained in detail earlier in this chapter). Then set and enable the packet filter rule.
To Broadcast on the Whole Internet:
1. Open the Networks & Services menu, click Add, and enter the following data:
Name: Broadcast32
IP Address: 255.255.255.255
Subnet Mask: 255.255.255.255
2. Confirm by clicking the Add button.
3. Open the Rules menu in the Packet Filter directory and set the packet filter rules:
From (Client): Any
Service: Any
To (Server): Broadcast32
Action: Drop
4. Confirm by clicking the Add button.

To Broadcast on One Network Segment:
1. Open the Networks & Services menu, click Add, and enter the following data:
Name: Broadcast8
IP Address: 192.168.0.255
Subnet Mask: 255.255.255.255
2. Confirm by clicking the Add button.
3. Open the Rules menu in the Packet Filter directory and set the packet filter rules:
From (Client): Any
Service: Any
To (Server): Broadcast8
Action: Drop
4. Confirm by clicking the Add button.
Add
Confirm your entry by clicking the Add button. After a successful definition, the rule is always added to the
end of the rule set table. Entries can be edited by clicking the Edit button, which loads the data into the
entry menu. The entries can then be edited. The changes are saved by clicking the Save button.
Delete
Rules can be deleted by clicking the Delete button.
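
The effect of rule position described in this section, as an added example (not code from the guide or the RouteFinder software): a small Python model of a rule table with a check for rules that an earlier rule makes unreachable. It assumes first-match evaluation and a default of Drop when nothing matches, neither of which the guide states explicitly; the LAN range 192.168.0.0/24, the function names, and the sample rules are constructed, while Broadcast8 and Broadcast32 use the values given above.

```python
import ipaddress

# Networks menu entries. Broadcast8/Broadcast32 are from the guide;
# the LAN range is an assumption made for this example.
NETWORKS = {
    "Any": ipaddress.ip_network("0.0.0.0/0"),
    "LAN": ipaddress.ip_network("192.168.0.0/24"),
    "Broadcast8": ipaddress.ip_network("192.168.0.255/32"),
    "Broadcast32": ipaddress.ip_network("255.255.255.255/32"),
}

def net_covers(outer, inner):
    """True if network `outer` contains every address of network `inner`."""
    return NETWORKS[inner].subnet_of(NETWORKS[outer])

def evaluate(rules, src, service, dst, default="Drop"):
    """Return (rule_number, action) of the first matching rule (assumed semantics)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (frm, svc, to, action) in enumerate(rules, start=1):
        if (src_ip in NETWORKS[frm] and dst_ip in NETWORKS[to]
                and svc in ("Any", service)):
            return number, action
    return None, default  # assumed default when no rule matches

def shadowed(rules):
    """Return (later, earlier) rule numbers where the later rule can never match."""
    hits = []
    for j, (f2, s2, t2, _) in enumerate(rules):
        for i, (f1, s1, t1, _) in enumerate(rules[:j]):
            if net_covers(f1, f2) and net_covers(t1, t2) and s1 in ("Any", s2):
                hits.append((j + 1, i + 1))
                break
    return hits

def move(rules, from_number, to_number):
    """Model of the Move command: place rule `from_number` at line `to_number`."""
    rules = list(rules)
    rules.insert(to_number - 1, rules.pop(from_number - 1))
    return rules

# Constructed table: rules 2 and 3 were added later, so they sit at the end.
TABLE = [
    ("LAN", "Any", "Any", "Accept"),
    ("Any", "Any", "Broadcast8", "Drop"),
    ("LAN", "SMTP", "Any", "Reject"),
]
```

With this table, a broadcast from a LAN host is accepted by rule 1 before the Drop rule is reached; moving the Drop rule to line 1 changes the result, and `shadowed` reports the SMTP Reject rule as unreachable in either order.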