Traffic Filtering Basics

Earlier in this article we mentioned that a firewall could also be used to control the services that internal hosts can access on the Internet. While most hardware routers are initially configured to allow all hosts access to any Internet services by default, you can also control who can access the Internet, or certain services, using filtering features.

On a hardware router like the Linksys model we used for this article, both IP address and port filtering can be accomplished via the Filtering tab in the router configuration program. This tab allows you to configure both the IP addresses that cannot access the Internet and the ports that cannot be connected to. For example, if you were to filter the IP address, the client system with that address would not be able to access the Internet at all. This can be useful, for instance, in situations where you need to control children's access to the Internet.

Similarly, you can also block internal users from accessing certain ranges of ports. For example, blocking port 80 would stop internal users from accessing external websites, while blocking all ports except for port 80 would stop users from accessing anything except websites. Ultimately, the ability to control Internet access by IP address and port number gives you a higher degree of control over how people use your Internet connection, and most importantly, your bandwidth.
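The filtering behaviour described above, modelled as an added Python example (it is not the router's firmware or code from the original article). The class name, the LAN addresses and the sample connections are assumptions constructed for illustration.

```python
from ipaddress import ip_address

class EgressFilter:
    """Deny-list model of the Filtering tab: blocked LAN IPs and blocked destination port ranges."""

    def __init__(self, blocked_ips=(), blocked_port_ranges=()):
        self.blocked_ips = {ip_address(ip) for ip in blocked_ips}
        self.blocked_port_ranges = []
        for low, high in blocked_port_ranges:
            if not 1 <= low <= high <= 65535:
                raise ValueError(f"invalid port range {low}-{high}")
            self.blocked_port_ranges.append((low, high))

    def decide(self, src_ip, dst_port):
        """Return 'allow' or a 'deny: ...' reason for one outbound connection."""
        if ip_address(src_ip) in self.blocked_ips:
            return "deny: source IP is filtered"
        for low, high in self.blocked_port_ranges:
            if low <= dst_port <= high:
                return f"deny: port {dst_port} is in blocked range {low}-{high}"
        return "allow"

# Constructed policies mirroring the article's three cases (addresses are made up).
POLICIES = {
    "filter one host": EgressFilter(blocked_ips=["192.168.1.50"]),
    "block port 80": EgressFilter(blocked_port_ranges=[(80, 80)]),
    "allow only port 80": EgressFilter(blocked_port_ranges=[(1, 79), (81, 65535)]),
}

# Constructed outbound connections: (LAN source IP, destination port, service).
SAMPLE_CONNECTIONS = [
    ("192.168.1.50", 80, "HTTP from the filtered host"),
    ("192.168.1.20", 80, "HTTP"),
    ("192.168.1.20", 443, "HTTPS"),
    ("192.168.1.20", 53, "DNS lookup to an external resolver"),
    ("192.168.1.20", 25, "SMTP"),
]

def evaluate(policy_name):
    """Map each sample connection's service label to the policy's decision."""
    policy = POLICIES[policy_name]
    return {label: policy.decide(src, port) for src, port, label in SAMPLE_CONNECTIONS}

if __name__ == "__main__":
    for name in POLICIES:
        print(f"== {name} ==")
        for label, decision in evaluate(name).items():
            print(f"  {label:38} {decision}")
```

Under the port-80-only policy, HTTPS (port 443) and lookups to external DNS resolvers (port 53) are denied as well, so check which other services clients depend on before applying it.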

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.