Firewall, Port Mapping, Filters

The 318 features a SPI-based firewall, with a typical set of features. You can statically forward up to 10 ports or port ranges (no protocol selection), and put one computer in DMZ (outside the firewall). You can leave port forwarding information in the router and just enable / disable the forwarding when needed, but you can't schedule the enabling for certain times of day or days of the week. Folks who run servers will appreciate that server "loopback" is supported.

Curiously, there are no port filters, so you can't block, say, the ports needed for certain games or file-sharing services. Because this was such an obvious omission, I asked NETGEAR about it and they said that they will support port filtering in a future firmware release, but gave no time frame.

You do have the ability to control the websites and newsgroups that your users visit via the Block Sites feature shown in Figure 3.

Figure 3: Block Sites
(click on the image for a full-sized view)

Block sites works by having you enter any portion of a website address (not including "http://") for websites and newsgroups that you want to block. You can enter up to 32 keywords, each of which can be up to 32 characters long. The filter works by doing a wildcard match of the entered string against the URL or newsgroup name. If there's a match, a "blocked" message appears on the user's screen.

Logs of blocked attempts for filtered sites are sent to the security log (more on that later), and will be emailed to a single email address immediately, hourly, daily (you specify the hour), or when the log fills up.

Blocking can be scheduled for every day, or just specific days of the week. But you get only one time period that will apply to all selected days. For those who don't want no steenking filters, you can enter one IP address that will get unfiltered Internet access.

So much for the firewall. On to the VPN features!