Kerio Tech Firewall6 User Manual

Page 91


7.4 Basic Traffic Rule Types


Limiting Internet Access

Sometimes, it is helpful to limit users' access to Internet services from the local network.

Access to Internet services can be limited in several ways. In the following examples, the limitation rules use IP translation. There is no need to define other rules, as all traffic that does not meet these requirements will be blocked by the default "catch all" rule.

Other methods of limiting Internet access can be found in the Exceptions section (see below).

Note: Rules mentioned in these examples can also be used if WinRoute is intended as a neutral router (no address translation) — in the Translation entry there will be no translations defined.

1. Allow access to selected services only. In the translation rule in the Service entry specify only those services that are intended to be allowed.

Figure 7.25 Internet connection sharing — only selected services are available

2. Limitations sorted by IP addresses. Access to particular services (or access to any Internet service) will be allowed only from selected hosts. In the Source entry define the group of IP addresses from which the Internet will be available. This group must be previously defined in Configuration / Definitions / Address Groups (see chapter 15.5).

Figure 7.26 Only selected IP address group(s) is/are allowed to connect to the Internet

Note: This type of rule should be used only if each user has his/her own host and the hosts have static IP addresses.

3. Limitations sorted by users. The firewall checks whether the connection comes from an authenticated host and permits or denies the traffic accordingly.

Figure 7.27 Only selected user group(s) is/are allowed to connect to the Internet
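A small model of how the three rule types above interact with the default "catch all" rule, added here as an illustration; it is not WinRoute code or configuration. The rule fields, the first-match evaluation order, and the sample addresses, services and user names are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Conn:
    src_ip: str
    service: str                  # e.g. "HTTP", "DNS"
    user: Optional[str] = None    # set only when the source host is authenticated

@dataclass
class Rule:
    name: str
    services: Optional[frozenset] = None   # None = any service (Service entry)
    src_nets: tuple = ()                   # empty = any source (Source entry)
    users: Optional[frozenset] = None      # None = no user requirement
    translate: bool = True                 # False models the neutral-router case

    def matches(self, c: Conn) -> bool:
        if self.services is not None and c.service not in self.services:
            return False
        if self.src_nets and not any(ip_address(c.src_ip) in ip_network(n) for n in self.src_nets):
            return False
        if self.users is not None and c.user not in self.users:
            return False   # unauthenticated hosts (user=None) never match
        return True

def evaluate(rules, conn):
    """Return (action, rule_name); traffic matching no rule hits the catch-all deny."""
    for r in rules:
        if r.matches(conn):
            return ("permit+NAT" if r.translate else "permit", r.name)
    return ("deny", "catch-all")

# Constructed sample policies, one per rule type described above.
BY_SERVICE = [Rule("selected services", services=frozenset({"HTTP", "HTTPS", "DNS"}))]
BY_ADDRESS = [Rule("address group", src_nets=("192.168.1.10/32", "192.168.1.32/28"))]
BY_USER = [Rule("user group", users=frozenset({"alice", "bob"}))]

if __name__ == "__main__":
    for policy, conn in [
        (BY_SERVICE, Conn("192.168.1.50", "FTP")),            # service not listed
        (BY_ADDRESS, Conn("192.168.1.40", "HTTP")),           # inside the /28
        (BY_ADDRESS, Conn("192.168.1.99", "HTTP")),           # outside the group
        (BY_USER, Conn("192.168.1.99", "HTTP")),              # not authenticated
        (BY_USER, Conn("192.168.1.99", "HTTP", user="alice")),
    ]:
        print(conn, "->", evaluate(policy, conn))
```

The address-group case shows why the note on static IP addresses matters: the decision depends only on the source address, so a host that picks up an address inside the group is permitted regardless of who is using it.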
