We've already covered some aspects of the firewall, such as its use of stateful packet inspection. The firewall controls (Figure 7) are typical of most firewalls in its class and are nearly identical to what is found elsewhere in the Linksys router line. From the Firewall tab you can create and modify Network Access Rules, which evaluate the network traffic's source IP address, destination IP address, and IP protocol type to decide whether the traffic is allowed to pass through the firewall.
Figure 7: Firewall Network Access Rules
Using custom rules (Figure 8), it is possible to disable all firewall protection or block all access to the Internet, so use extreme care when creating or deleting network access rules.
Figure 8: Defining a Custom Rule
The router has a few default rules in place when you first set it up. You won't actually see these rules when you view the firewall tab, but they are there:
Custom rules override the default rules shown above, but four additional default rules are always active, and custom rules never override them:
Besides the default rules, all configured network access rules are listed in the table. The rules are order dependent: a rule that sits above another rule is evaluated first. Once the firewall has checked all the listed rules, the default rules apply as rules of last resort.
Something rare for a firewall at this price point is the ability to create custom services (Figure 9). Standard services are pre-defined, such as HTTP on port 80 and FTP on ports 20 and 21, and can be selected from a drop-down box. If you need something that is not on the list, you can create it yourself. MySQL traffic, for example, uses port 3306; it is not on the drop-down list, but you can add it as a custom service by specifying the port.
Figure 9: Defining a Custom Service
Additionally, firewall rules can be set to be active only during certain times of the day or on certain days of the week (Figure 10). This allows you to restrict access to and from your network by specific protocols or sites during the time periods these rules are active, such as blocking the ports used by P2P from 8-6 Monday - Friday, but not on weekends.
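The order dependence and time-of-day scheduling described above can be modeled in a few lines. The following Python sketch is an added example, not the router's own logic: it evaluates rules top-down with a caller-supplied default as the rule of last resort, and flags rules that can never fire because an always-active rule above them already covers the same traffic. The LAN subnet, the P2P port range, the reading of "8-6" as 08:00 to 18:00, and all function names are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

ALL_DAYS = frozenset(range(7))  # 0 = Monday ... 6 = Sunday

@dataclass
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network (CIDR)
    dst: str                 # destination network (CIDR)
    proto: str               # "tcp" or "udp"
    ports: range             # service ports, e.g. range(3306, 3307)
    days: frozenset = ALL_DAYS
    start: time = time.min
    end: time = time.max

    def always_on(self):
        return (self.days, self.start, self.end) == (ALL_DAYS, time.min, time.max)

    def matches(self, src, dst, proto, port, when):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and proto == self.proto and port in self.ports
                and when.weekday() in self.days
                and self.start <= when.time() <= self.end)

def evaluate(rules, default, src, dst, proto, port, when):
    """Top-down, first match wins; `default` is the rule of last resort."""
    for rule in rules:
        if rule.matches(src, dst, proto, port, when):
            return rule.action
    return default

def shadowed(rules):
    """Indexes of rules that an earlier always-on rule fully covers."""
    def covers(e, r):
        return (e.always_on() and e.proto == r.proto
                and ip_network(r.src).subnet_of(ip_network(e.src))
                and ip_network(r.dst).subnet_of(ip_network(e.dst))
                and e.ports.start <= r.ports.start and r.ports.stop <= e.ports.stop)
    return [i for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

# Constructed sample rule set (addresses, ports and hours are assumptions).
LAN, ANY = "192.168.1.0/24", "0.0.0.0/0"
RULES = [
    Rule("deny", LAN, ANY, "tcp", range(6881, 6890), frozenset(range(5)), time(8), time(18)),
    Rule("allow", LAN, ANY, "tcp", range(1, 65536)),
    Rule("deny", LAN, ANY, "tcp", range(3306, 3307)),  # never reached: shadowed
]
```

Running `shadowed` over a rule list before saving it catches a deny rule placed below a broad allow, which would otherwise appear in the table but never take effect.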