Table 56 security > firewall > services – ZyXEL Communications NBG334W User Manual

Chapter 13 Firewall

NBG334W User’s Guide

147

The following table describes the labels in this screen.

Table 56 Security > Firewall > Services

LABEL

DESCRIPTION

ICMP

Internet Control Message Protocol is a message control and error-reporting

protocol between a host server and a gateway to the Internet. ICMP uses Internet

Protocol (IP) datagrams, but the messages are processed by the TCP/IP software

and directly apparent to the application user.

Respond to Ping

on

The NBG334W will not respond to any incoming Ping requests when Disable is

selected. Select LAN to reply to incoming LAN Ping requests. Select WAN to reply

to incoming WAN Ping requests. Select Guest WLAN to reply to incoming Guest

WLAN Ping requests. Otherwise select LAN & WAN & Guest WLAN to reply to all

incoming LAN, WAN and Guest WLAN Ping requests.

Do not respond to

requests for

unauthorized

services

Select this option to prevent hackers from finding the NBG334W by probing for

unused ports. If you select this option, the NBG334W will not respond to port

request(s) for unused ports, thus leaving the unused ports and the NBG334W

unseen. By default this option is not selected and the NBG334W will reply with an

ICMP Port Unreachable packet for a port probe on its unused UDP ports, and a

TCP Reset packet for a port probe on its unused TCP ports.
Note that the probing packets must first traverse the NBG334W's firewall

mechanism before reaching this anti-probing mechanism. Therefore if the firewall

mechanism blocks a probing packet, the NBG334W reacts based on the firewall

policy, which by default, is to send a TCP reset packet for a blocked TCP packet.

You can use the command "sys firewall tcprst rst [on|off]" to change this policy.

When the firewall mechanism blocks a UDP packet, it drops the packet without

sending a response packet.

Service Setup

Enable Services

Blocking

Select this check box to enable this feature.

Available Services This is a list of pre-defined services (ports) you may prohibit your LAN computers

from using. Select the port you want to block using the drop-down list and click

Add to add the port to the Blocked Services field.

Blocked Services

This is a list of services (ports) that will be inaccessible to computers on your LAN

once you enable service blocking.

Custom Port

A custom port is a service that is not available in the pre-defined Available

Services list and you must define using the next two fields.

Type

Choose the IP port (TCP or UDP) that defines your customized port from the drop

down list box.

Port Number

Enter the port number range that defines the service. For example, if you want to

define the Gnutella service, then select TCP type and enter a port range from

6345 to 6349.

Add

Select a service from the Available Services drop-down list and then click Add to

add a service to the Blocked Services

Delete

Select a service from the Blocked Services list and then click Delete to remove

this service from the list.

Clear All

Click Clear All to empty the Blocked Services.

Schedule to Block

Day to Block:

Select a check box to configure which days of the week (or everyday) you want

service blocking to be active.

Time of Day to

Block (24-Hour

Format)

Select the time of day you want service blocking to take effect. Configure blocking

to take effect all day by selecting All Day. You can also configure specific times by

selecting From and entering the start time in the Start (hour) and Start (min)

fields and the end time in the End (hour) and End (min) fields. Enter times in 24-

hour format, for example, "3:00pm" should be entered as "15:00".