Firewall Controls

By Scott Sidel, published on April 29, 2004
Source: Tom's Guide US

5. Firewall Controls

We've already covered some aspects of the firewall, such as its use of stateful packet inspection. The firewall controls (Figure 7) are typical of firewalls in this class and are nearly identical to those found elsewhere in the Linksys router line. From the Firewall tab you can create and modify Network Access Rules, which evaluate the traffic's source IP address, destination IP address, and IP protocol type to decide whether it is allowed to pass through the firewall.

Figure 7: Firewall Network Access Rules

Using custom rules (Figure 8), it is possible to disable all firewall protection or block all access to the Internet, so use extreme care when creating or deleting network access rules.

Figure 8: Defining a Custom Rule

The router has a few default rules in place when you first set it up. You won't actually see these rules when you view the firewall tab, but they are there:

- All traffic from the LAN to the WAN is allowed.
- All traffic from the WAN to the LAN is denied.
- All traffic from the LAN to the DMZ is allowed.
- All traffic from the DMZ to the LAN is denied.
- All traffic from the WAN to the DMZ is allowed.
- All traffic from the DMZ to the WAN is allowed.

Custom rules that you create override the default rules shown above. There are, however, four additional default rules that are always active and that custom rules can never override:

- HTTP service from LAN side to RV082 is always allowed. (That way you don't accidentally cut off the ability to manage the router.)
- DHCP service from LAN side is always allowed. (This only applies if you have DHCP turned on. You can disable DHCP and it will still be allowed, it just won't be on.)
- DNS service from LAN side is always allowed. (Because if you turn it off, it's really hard to get to sites like www.tomsnetworking.com.)
- Ping service from LAN side to RV082 is always allowed. (Ping is useful for diagnosing network problems.)

Besides the default rules, all configured network access rules are listed in the table, and the rules are order dependent, so a rule that sits above another rule gets executed first. When the firewall has checked all the rules, the default rules apply as rules of last resort.

Something rare for a firewall at this price point is the ability to create custom services (Figure 9). Standard services are pre-defined, such as HTTP on port 80 and FTP on ports 20 and 21, and can be selected from a drop-down box. If you need something that is not on the list, you can create it yourself. MySQL traffic, which uses port 3306, is one example: it is not in the drop-down list, but you can add it as a custom service by specifying the port.

Figure 9: Defining a Custom Service

Additionally, firewall rules can be set to be active only during certain times of the day or on certain days of the week (Figure 10). This allows you to restrict access to and from your network by specific protocols or sites during the time periods these rules are active, such as blocking the ports used by P2P from 8 to 6, Monday through Friday, but not on weekends.


Figure 10: Firewall rule scheduler
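
The evaluation order described above (always-on rules, then custom rules from the top of the table, then the hidden defaults), with the scheduler applied, as an added Python example that is not RV082 firmware code. The zone names, rule fields and sample addresses are constructed, and checking the always-on rules first is an assumption about how "never override" is implemented.

```python
# Added illustration: models the rule order the article describes.
# It is not the RV082's firmware logic; names and sample values are constructed.
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # source network
    dst: str = "0.0.0.0/0"           # destination network
    service: str = "any"             # predefined or custom service name
    days: tuple = tuple(range(7))    # active weekdays, 0 = Monday
    hours: tuple = (0, 24)           # active from hours[0] up to hours[1]

    def matches(self, pkt, when):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.service in ("any", pkt["service"])
                and when.weekday() in self.days
                and self.hours[0] <= when.hour < self.hours[1])

# Hidden defaults from the article, keyed by (source zone, destination zone).
ZONE_DEFAULTS = {("LAN", "WAN"): "allow", ("WAN", "LAN"): "deny",
                 ("LAN", "DMZ"): "allow", ("DMZ", "LAN"): "deny",
                 ("WAN", "DMZ"): "allow", ("DMZ", "WAN"): "allow"}
# Always-on LAN-side services -> required destination zone.
# None means any destination (assumption: the article names no target).
ALWAYS_ON = {"HTTP": "ROUTER", "Ping": "ROUTER", "DHCP": None, "DNS": None}

def decide(pkt, custom_rules, when):
    """Return (action, reason) for one packet at time `when`."""
    if pkt["from"] == "LAN" and pkt["service"] in ALWAYS_ON \
            and ALWAYS_ON[pkt["service"]] in (None, pkt["to"]):
        return "allow", "always-on rule"
    for number, rule in enumerate(custom_rules, start=1):  # top of table first
        if rule.matches(pkt, when):
            return rule.action, f"custom rule {number}"
    # Zone pairs the article does not list fall back to deny (assumption).
    return ZONE_DEFAULTS.get((pkt["from"], pkt["to"]), "deny"), "default rule"

# Constructed rule table; "8-6" is read as 08:00-18:00 (assumption).
RULES = [
    Rule("allow", dst="192.168.1.10/32", service="MySQL"),
    Rule("deny", service="MySQL"),
    Rule("deny", service="P2P", days=(0, 1, 2, 3, 4), hours=(8, 18)),
    Rule("deny", service="DNS"),   # has no effect: DNS from the LAN is always on
]
```

Swapping the first two rules turns the MySQL allow into a deny, which is the order dependence the article warns about when it says to take care creating or deleting rules.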
