XAVI Technologies Corp. X8821r+ User manual - page 25
X8821r User’s Manual Version 1.0
49 / 101
sending packets that use the WAN or LAN IP broadcast
address as the source address. Land Attack - sending
packets that use the same address as the source and
destination address. Ping of Death - illegal IP packet
length.
DoS Protection: Click on the Enable button to use the
following Denial of Service protection: SYN DoS, ICMP
DoS, Per-host DoS protection.
Max Half open TCP Connection: Enter the percentage of
concurrent IP sessions that can be in the half-open state. In
ordinary TCP communication, packets are in the half-open
state only briefly as a connection is being initiated; the state
changes to active when packets are being exchanged, or
closed when the exchange is complete. TCP connections in
the half-open state can use up the available IP sessions. If
the percentage is exceeded, then the half-open sessions
will be closed and replaced with new sessions as they are
initiated.
Max ICMP Connection: Sets the percentage of concurrent
IP sessions that can be used for ICMP messages. If the
percentage is exceeded, then older ICMP IP sessions will
be replaced by new sessions as they are initiated.
Max Single Host Connection: Sets the percentage of
concurrent IP sessions that can originate from a single
computer. This percentage should take into account the
number of hosts on the LAN.
Log Destination: Select how attempted violations of the
firewall settings will be tracked. Records of such events can
be sent via Ethernet to be handled by a system utility
(Trace) or can be e-mailed to specified administrators.
Email ID of Admin: Enter the e-mail addresses of the
administrators who should receive notices of any attempted
firewall violations.
Click on the Submit button when completed and make sure
to Commit & Reboot.
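The following added example (not part of the manual and not XAVI firmware code) models how the Max Half open TCP, Max ICMP and Max Single Host percentages bound a session table during a SYN flood. The table size of 100 sessions, the refusal of sessions over the per-host cap, and all addresses are assumptions made for the illustration.

```python
from collections import OrderedDict

class SessionTable:
    """Toy model of a session table governed by the three percentage caps."""

    def __init__(self, capacity, half_open_pct, icmp_pct, host_pct):
        self.capacity = capacity  # total concurrent IP sessions (assumed value)
        self.cap = {"half_open": capacity * half_open_pct // 100,
                    "icmp": capacity * icmp_pct // 100}
        self.host_cap = capacity * host_pct // 100
        self.sessions = OrderedDict()  # session id -> [source, state], oldest first
        self.next_id = 0

    def count(self, state=None, src=None):
        return sum(1 for s, st in self.sessions.values()
                   if (state is None or st == state) and (src is None or s == src))

    def open(self, src, state):
        """Admit a new 'half_open' (SYN seen) or 'icmp' session; return its id or None."""
        if self.count(src=src) >= self.host_cap:
            return None  # assumption: sessions over the per-host cap are refused
        if self.count(state=state) >= self.cap[state]:
            # Cap reached: the oldest session of this kind is closed and replaced.
            oldest = next((i for i, (_, st) in self.sessions.items() if st == state), None)
            if oldest is None:
                return None  # cap of zero: nothing of this kind is admitted
            del self.sessions[oldest]
        elif len(self.sessions) >= self.capacity:
            return None  # table completely full
        self.next_id += 1
        self.sessions[self.next_id] = [src, state]
        return self.next_id

    def establish(self, sid):
        """Handshake completed: the session leaves the half-open state."""
        if sid in self.sessions:
            self.sessions[sid][1] = "active"

def simulate_syn_flood():
    # Constructed scenario: 100-session table with caps of 20% / 10% / 25%.
    table = SessionTable(100, half_open_pct=20, icmp_pct=10, host_pct=25)
    for _ in range(5):  # a LAN client completes five handshakes
        table.establish(table.open("192.168.1.10", "half_open"))
    for n in range(500):  # 500 SYNs from constructed sources that never answer
        table.open(f"198.51.100.{n % 250}", "half_open")
    late = table.open("192.168.1.10", "half_open")  # legitimate SYN during the flood
    return {"half_open": table.count(state="half_open"),
            "active": table.count(state="active"), "late_admitted": late is not None}
```

With these values the flood never holds more than 20 of the 100 sessions, the five established sessions survive, and the late legitimate SYN is still admitted.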
9.4 IP Filter
Click on the IP Filter link to view the IP filter configuration table. The
IP filter feature enables you to create rules that control the
forwarding of incoming and outgoing data between your LAN and the
Internet and within your LAN.
You can create IP filter rules to block attempts by certain computers
on your LAN to access certain types of data or Internet locations.
You can also block incoming access to computers on your LAN.
When you define an IP filter rule and enable the feature, you instruct
the ADSL/Ethernet router to examine data packets to determine
whether they meet criteria set forth in the rule. The criteria can
include the network or internet protocol the packet carries, the
direction in which it is traveling (for example, from the LAN to the
Internet or vice versa), the IP address of the sending computer, the
destination IP address, and other characteristics of the packet data.
If the packet matches the criteria established in a rule, the packet
can either be accepted (forwarded towards its destination), or denied
(discarded), depending on the action specified in the rule.
Security Level: Select None, Medium, Low, or High.
This setting determines which IP Filter rules take effect,
based on the security level specified in each rule. For
example, when High is selected, only those rules that are
assigned a security value of High will be in effect. The
same is true for the Medium and Low settings. When
None is selected, IP Filtering is disabled.
Private/Public/DMZ Default Action: This setting specifies
a default action to be taken (Accept or Deny) on private,
public, or DMZ-type device interfaces when they receive
packets that do not match any of the filtering rules. You can
specify a different default action for each interface type. A