Traffic Rules
To configure traffic rules for the device:
- Firewall
- Traffic Rules
Traffic rules can filter specific types of internet data and block unauthorized access requests to improve network security.
| Parameter | Description | Default Value |
|---|---|---|
| Enable | Enable / Disable | Enable |
| Name | Rule name | - |
| Restrict to address family | IPv4 only | IPv4 only |
| Protocol | TCP+UDP / TCP / UDP / ICMP | TCP+UDP |
| Match ICMP type | Matching ICMP rule, match any type. | Any |
| Source zone | Any zone / LAN / WAN | LAN |
| Source MAC address | Source MAC address matching this rule. Multiple MAC addresses can be separated by spaces.
If "Any" is selected, all MAC addresses are matched. | Any |
| Source IP address | Source IP address or IP range such as 192.168.1.100-192.168.1.200.
If "Any" is selected, the rule matches all IP addresses. | Any |
| Source port | Source port or port range such as 8000-9000. If "Null" is selected, all ports are matched. | Null |
| Destination zone | Device / Any zone / LAN / WAN | Any |
| Destination address | Target IP address to match. If "Any" is selected, all IP addresses are matched. | Any |
| Destination port | Target port to match. If "Null" is selected, all ports are matched. | Null |
| Action | Select the action to be taken after matching packets: drop, accept, reject, don't track. | Accept |
IP Address Blacklist
In the Traffic Rules menu, click Add and edit under New forward rule after entering a rule name.
Set Protocol to TCP+UDP, Source zone to lan, and set Source IP address to the desired IP address (for example, 192.168.1.163).
Set Destination zone to wan, set Destination address to any, and set Action to reject, then click Save & Apply.
As a result, the device with IP address 192.168.1.163 will be blocked from accessing external networks. You can apply the same logic to configure other traffic rules.
IP Address Whitelist
In the Traffic Rules menu, click Add and edit under New forward rule after entering a rule name.
Set Protocol to TCP+UDP, Source zone to lan, and set Source IP address to the desired IP address (for example, 192.168.1.150).
Set Destination zone to wan, set Destination address to any, and set Action to accept, then click Save & Apply.
Then add another rule to block all other communications by setting Source IP address and Destination address to any, and Action to reject.
In rule ordering, the accept rule must be placed before the reject rule.
