TP-link router firewall settings

Router firewall settings, help to improve the security of the network, especially unlimited wifi, to avoid malicious attacks and network attacks by hackers. IP address filtering is used to set the access rights of the intranet host to the external network through the IP address. In a certain period of time, the communication of all or part of the ports of an IP (segment) of the intranet and all or part of the ports of the external network IP is prohibited/allowed. As follows, we will give you two examples.

Router firewall application example — (1) IP address filtering using IP address filtering is used to set the access rights of the intranet host to the external network through the IP address, which is suitable for such a requirement: It is forbidden/allowed to communicate with all or part of the ports of an IP (segment) of the intranet and all or part of the ports of the external network IP. When the IP address filtering function is enabled, you must enable the firewall master switch and clear the default filtering rules for IP address filtering. If there is any ambiguity in the setting process, you can click the “Help” button on the current page to view the help information:

The following two examples will illustrate the use of IP address filtering. Example 1: Expected purpose: Do not allow the IP address of the intranet 192.168.1.100-192.168.1.102 to access all IP addresses of the external network; allow 192.168.1.103 completely Unrestricted access to all IP addresses of the external network. The setting method is as follows: 1. The default filtering rule is selected as follows: Any packet that does not meet the IP address filtering rule is prohibited from passing through the router:

2. Add an IP address to filter new entries: Allow the intranet 192.168.1.103 to access all IP addresses of the external network completely unrestricted. Because the default rule is “ prohibit packets that do not comply with IP filtering rules from passing through the router, so the intranet computer IP Address segment: 192.168.1.100-192.168.1.102 does not need to be added, it is forbidden to pass by default.

3. After saving, the following items are generated, which can achieve the intended purpose:

Example 2:
Expected purpose: The IP address of the intranet 192.168.1.100-192.168.1.102 can only be viewed at any time. Web page; 192.168.1.103 from 8:00 am to 6:00 pm only allowed to send and receive mail on the external network 219.134.132.62 mail server, the rest of the time can not communicate with the external network. To browse the web, you need to use port 80 (HTTP protocol), send and receive e-mail using 25 (SMTP) and 110 (POP), and the domain name server port number 53 (DNS) is set as follows: 1. The default filtering rule is selected as follows: Any packet that does not meet the IP address filtering rule is prohibited from passing through the router:

2. The following items can be set to achieve the intended purpose:

Router firewall application example — (2) MAC address filtering MAC address filtering is used to set the access rights of the intranet host to the external network through the MAC address. Applicable to such requirements: prohibit/allow the communication of a certain MAC address of the intranet and the external network. When MAC address filtering is enabled, you must enable the firewall master switch and clear the default filtering rules for MAC address filtering. If there is any ambiguity in the setting process, you can click the “Help” button on the current page to view the help information:

The following uses an example to illustrate the use of MAC address filtering. For example, only the computer with the MAC address of “00-19-66-80-53-52” is allowed to access the external network, and other computers are prohibited from accessing the external network. The setting method is as follows: 1. Select the default filtering rule as: Only allowed Set the enabled MAC address in the MAC address list to access the Internet

2. Add a new entry for MAC address filtering: Add the MAC address: 00-19-66-80-53-52, status selection “ Effective”

3. After saving, the following items are generated:

After the setting is completed, only the computer with the MAC address of the LAN is “00-19-66-80-53-52” can access the external network. To achieve the intended purpose. Router firewall application example — (3) Domain name filtering uses domain name filtering to restrict access to certain websites by computers in the LAN. It is suitable for the need to restrict access to certain websites of the external network at a certain time. Restrict the use of certain applications that require domain name resolution to communicate with the external network. When the domain name filtering function is enabled, you must enable the firewall master switch (if there is any ambiguity in the setting process, you can click the “Help” button on the current page to view the help information): The following example illustrates the use of domain name filtering. Intended purpose: Visiting the website www.caraphbl.com at any time is only prohibited from accessing the website with the string “ldquo..cn” in the domain name from 8:00 am to 4:00 pm, and the rest of the time is allowed. The setting method is as follows: Add IP address to filter new entries: Disable access to the website at any time www.caraphbl.com Router firewall application example — (1) IP address filtering using IP address filtering for setting intranet host external network by IP address The access rights apply to the requirement that, during a certain period of time, communication of all or part of the ports of an IP (segment) of the intranet and all or part of the ports of the extranet IP are prohibited/allowed. When the IP address filtering function is enabled, you must enable the firewall master switch and clear the default filtering rules for IP address filtering. If there is any ambiguity in the setting process, you can click the “Help” button on the current page to view the help information:

The following two examples will illustrate the use of IP address filtering. Example 1: Expected purpose: Do not allow the IP address of the intranet 192.168.1.100-192.168.1.102 to access all IP addresses of the external network; allow 192.168.1.103 to access all IP addresses of the external network completely unrestricted. The setting method is as follows: 1. The default filtering rule is selected as follows: Any packet that does not meet the IP address filtering rule is prohibited from passing through the router: 2. Add an IP address to filter new entries: Allow the intranet 192.168.1.103 to access all IP addresses of the external network completely unrestricted. Because the default rule is “ prohibit packets that do not comply with IP filtering rules from passing through the router, so the intranet computer IP Address segment: 192.168.1.100-192.168.1.102 does not need to be added, it is forbidden to pass by default. 3. After saving, the following items can be generated to achieve the intended purpose: Example 2: Intended purpose: The IP address of the intranet 192.168.1.100-192.168.1.102 can only browse the external webpage at any time; 192.168.1.103 from 8 am to PM At 6 o'clock, only the mail server on the external network 219.134.132.62 is allowed to send and receive mail, and the rest of the time cannot communicate with the external network. To browse the web, you need to use port 80 (HTTP protocol), send and receive e-mail using 25 (SMTP) and 110 (POP), and the domain name server port number 53 (DNS) is set as follows: 1. The default filtering rule is selected as follows: Any packet that does not meet the IP address filtering rule is prohibited from passing through the router: 2. After the following items are generated, the expected purpose can be achieved: Router firewall application example — (2) MAC address filtering MAC address filtering is used to set the access rights of the intranet host to the external network through the MAC address, which is suitable for such requirements: It is forbidden/allowed to communicate with a certain MAC address of the intranet and the external network. When MAC address filtering is enabled, you must enable the firewall master switch and clear the default filtering rules for MAC address filtering. If there is any ambiguity in the setting process, you can click the “Help” button on the current page to view the help information: The following uses an example to illustrate the use of MAC address filtering. For example, only the computer with the MAC address of “00-19-66-80-53-52” is allowed to access the external network, and other computers are prohibited from accessing the external network. The setting method is as follows: 1. Select the default filtering rule as: Only allowed Set the MAC address in the MAC address list to access the Internet 2. Add a new entry for MAC address filtering: Add MAC address: 00-19-66-80-53-52, status selection & ldquo; Effective & rdquo; 3, after saving, generate the following Entry: After the setting is completed, only the computer with the MAC address of “LAN-19-66-80-53-52” in the LAN can access the external network to achieve the intended purpose. Router firewall application example — (3) Domain name filtering uses domain name filtering to restrict access to certain websites by computers in the LAN. It is suitable for the need to restrict access to certain websites of the external network at a certain time. Restrict the use of certain applications that require domain name resolution to communicate with the external network. When the domain name filtering function is enabled, you must enable the firewall master switch (if there is any ambiguity in the setting process, you can click the “Help” button on the current page to view the help information): The following example illustrates the use of domain name filtering. Intended purpose: Visiting the website www.caraphbl.com at any time is only prohibited from accessing the website with the string “ldquo..cn” in the domain name from 8:00 am to 4:00 pm, and the rest of the time is allowed. The setting method is as follows: 1. Add an IP address to filter new entries: Access to the following website address is prohibited at any time

Access to the domain with the string “ldquo..cn” from 8 am to 4 pm

2. After saving, the following items are generated, which can achieve the intended purpose:

Note: 1. The domain filter status bar displays “failed" and "effective”, the corresponding filter entry will only take effect if the status entry is "effective" After setting the filtering rules on the router, you need to delete the temporary files of the browser on the computer: Open IE->Click “Options>->Select “Internet Options”->In “General <quo;Click on the tab“delete file”. Possible reasons why domain name filtering does not take effect: 1. Check whether the router's firewall master switch and domain name filtering are enabled, and whether the entries set in the domain name filtering take effect. Whether the domain name to be filtered is a subset of the domain name being accessed: such as domain name filtering settings filtering “163.com” then such as “news.163.com”,“mail.163.com” is inaccessible, but If it is set to filter “www.163.com”, then only “www.163.com” and “www.163.com/*” cannot be accessed, such as “news.163.com”, “mail.163.com” is available for normal access. 3. Local DNS cache reason, using URL to access the network process: 1) After entering the domain name in the browser, the system submits the domain name to the DNS server for resolution, and then uses the resolved IP address to access the destination site. 2) If the local DNS cache already exists The IP obtained by the domain name resolution does not need to be resolved by the DNS server again. The local machine directly uses the IP address that has been resolved in the cache to access the destination site. Therefore, even if the above steps 1 and 2 are set correctly, the local DNS cache may still be normal. Access to the filtered site, this situation clears the local DNS cache. Method: Repair the local connection or use the “ipconfig/flushdns” command to clear the command prompt