G
ATEWAY
C
ONTROLLER
S
ERIES
U
SER
M
ANUAL
VALUEPOINT NETWORKS, INC. ALL RIGHTS RESERVED
P
AGE
96
OF
135
P o rt F i lt e r
The Port Filter will block or allow all traffic to a particular port. This is typically used
to block specific applications, like file sharing, IM chat, etc.
Source and destination IPs
IP Addresses can be entered in X.X.X.X/N format where N is
the netmask in bits. For example, you can enter values like
192.168.1.0/24 or 192.168.1.254/32. To specify "all" you can
enter "0.0.0.0/0".
Start Port
Enter the Start Port number. Port numbers can be in the range
0 to 65535. The drop down menu gives some sample rules for
typically unwanted subscriber applications. There is no
guarantee that these rules will work partially or completely on
your system, as applications may change ports.
End Port
Enter the End Port Number. Port numbers can be in the range 0
to 65535. This field can be left blank to block a single port as
specified in the
Start Port.
Permission
Set the mode of the filter.
Deny
blocks packets that match the
filter.
Allow
permits all packets that match the filter. Allow rules
take precedent over Deny rules, so you can create broad blocking
rules then just allow the specific traffic you want.
Blocking Local GUI Login
You can block local users from trying to ping or login to the Controller management GUI by
using a packet filter rule. First create a rule to allow access from your management IPs to
127.0.0.1 Port 80. For example SRC
:70.133.189.65/40 DST:1270.0.0.1 PORT:80 Allow
.
You can enter separate allow rules for LAN and WAN IPs. After you enter the allow rules,
then block all other traffic using
SRC:0.0.0.0/0 DST127.0.0.1 PORT 80 DENY
.
Note: All Port Filter rules take precedence over all Protocol Filter Rules.