Cradlepoint WIPIPE MBR1000 User Manual

CradlePoint MBR1000 | USER MANUAL Firmware ver. 1.6.9

© 2010 CRADLEPOINT, INC. PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES | PAGE 49

5.5.2 Inbound Filter Rules List

This section lists the current Inbound Filter rules. Click the Enable
check box at the left to directly activate or de-activate the entry. An
entry can be changed by clicking the Edit icon or can be deleted by
clicking the Delete icon. When you
click the Edit icon, the item is highlighted, and the Inbound Filter Rules section is activated for editing.

After you've completed all modifications or deletions, you must click the Save Settings button at the top of the page to save your changes. The
router must reboot before new settings will take effect. You will be prompted to Reboot the Device or Continue. If you need to make additional
settings changes, click Continue. If you are finished with all configuration settings, click the Reboot the Device button.

5.5.3 Configuring an Inbound Filter Rule

When the Rule List is empty or none of the rules are enabled, all inbound data that corresponds to a connection that originated from inside the
router or which corresponds to a Virtual Server, Gaming, or Special Application Rule is ALLOWED by default. When rules are configured, the
router compares incoming data packets against the rules in the list. It is very important to understand that the router examines each rule one by
one in the order that they are listed in the Rule list until it finds a match. The packet will either be DENIED (Dropped) or ALLOWED. Once a match
has been made, no further rules will be examined for that packet. If no rules match the data packet, it is ALLOWED. This means that allowing only
a specific subset of traffic usually requires more than one rule to be entered.

Example: You have configured a game server, using the Advanced → Gaming sub-menu, to play HALO: Combat Evolved with some friends. You would like to limit the access to your network and server to specific times of the day and only to your friends.

Next you would define a schedule on the Tools → Schedule sub-menu, called Game time, which specifies a schedule of Friday and Saturday between 7 PM and 11 PM. This example will assume all of your friends use the same service provider and have IP addresses 67.150.220.117, 67.150.231.43, and 67.150.231.75. You have an option of defining a set of rules to match each one of these addresses individually or you may just decide that using an IP range that covers all of them is sufficient for your needs.

The first step is to configure a DENY rule that will catch all of the traffic that arrives on these ports but does not match data from the sources you want to have access to your network. It is important to enter the DENY rule first since all subsequent rules will be added higher in the list and will be checked first. Notice that it covers all Source IP Address, Source Ports, and Times (Always), but is specifically tied to the Public Ports defined in the Game Rule List. This is because you do not want to accidentally block traffic for other applications. It is a good idea to turn on the log for this rule so that you can check in the log for anything that is filtered inappropriately. Next configure the ALLOW rules.
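The first-match ordering described above, modelled as an added example (not taken from the CradlePoint manual or firmware). The `Rule` class, the `evaluate` and `range_size` functions, the game port numbers and the test timestamps are assumptions made for illustration; the IP addresses and the Friday/Saturday 7 PM to 11 PM schedule are the manual's.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Address as IP

@dataclass
class Rule:  # hypothetical model of one Inbound Filter entry
    action: str                # "ALLOW" or "DENY"
    src_lo: IP                 # source IP range, inclusive
    src_hi: IP
    ports: range               # public ports the rule is tied to
    days: frozenset            # weekdays (Monday=0); empty set means Always
    hours: range = range(24)

    def matches(self, src, port, when):
        in_time = not self.days or (when.weekday() in self.days
                                    and when.hour in self.hours)
        return self.src_lo <= src <= self.src_hi and port in self.ports and in_time

def evaluate(rules, src, port, when):
    """Top-down, first match wins; a packet matching no rule is ALLOWED."""
    for rule in rules:
        if rule.matches(IP(src), port, when):
            return rule.action
    return "ALLOW"  # the manual's default at the inbound-filter stage

def range_size(lo, hi):
    """How many source addresses one range rule from lo to hi admits."""
    return int(IP(hi)) - int(IP(lo)) + 1

GAME_PORTS = range(2302, 2304)  # assumed placeholder; the manual lists no ports
GAME_TIME = dict(days=frozenset({4, 5}), hours=range(19, 23))  # Fri/Sat 7-11 PM
FRIENDS = ["67.150.220.117", "67.150.231.43", "67.150.231.75"]

allow_each = [Rule("ALLOW", IP(a), IP(a), GAME_PORTS, **GAME_TIME) for a in FRIENDS]
deny_rest = Rule("DENY", IP("0.0.0.0"), IP("255.255.255.255"), GAME_PORTS, frozenset())

good_order = allow_each + [deny_rest]  # DENY entered first, so it ends up last
bad_order = [deny_rest] + allow_each   # DENY on top shadows every ALLOW rule

fri_8pm = datetime(2010, 6, 4, 20, 0)  # constructed timestamps: a Friday
mon_8pm = datetime(2010, 6, 7, 20, 0)  # and a Monday

if __name__ == "__main__":
    for name, rules in (("good", good_order), ("bad", bad_order)):
        print(name, "friend, Fri 8 PM:", evaluate(rules, FRIENDS[1], 2302, fri_8pm))
    print("friend, Mon 8 PM:", evaluate(good_order, FRIENDS[1], 2302, mon_8pm))
    print("stranger, other port:", evaluate(good_order, "203.0.113.9", 8080, fri_8pm))
    print("one range rule admits", range_size(FRIENDS[0], FRIENDS[2]), "addresses")
```

A single range rule from the lowest to the highest of the three addresses admits 2,775 sources, so per-address ALLOW rules are the tighter choice when only these three hosts should reach the server.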
