"Call filter" and "Data filter", firewall clarification wanted please

Discussion in 'Home Networking' started by tinnews, Apr 13, 2008.

  1. tinnews

    tinnews Guest

    My new Draytek Vigor 2820n has what it calls "Call Filter" and "Data
    Filter" in its firewall setup. The manual says:-

    Call Filter - When there is no existing Internet connection, Call
    Filter is applied to all traffic, all of which should be outgoing.
    It will check packets according to the filter rules. If legal,
    the packet will pass. Then the router shall “initiate a call”
    to build the Internet connection and send the packet to Internet.

    Data Filter - When there is an existing Internet connection, Data
    Filter is applied to incoming and outgoing traffic. It will check
    packets according to the filter rules. If legal, the packet will
    pass the router.


    I don't really follow the above, can anyone clarify or point me at a
    fuller explanation somewhere please. In particular what does it mean
    (in this context) by an "Internet connection"? Does it mean the state
    of the ADSL connection - that doesn't really make sense because it's
    always up unless something has gone wrong. Alternatively does it mean
    a particular 'conversation' with a remote system - still doesn't make
    much sense to me because (for example) UDP is stateless so there is no
    concept of a connection, and why should only outgoing traffic be
    allowed?

    All in all I'm confused! :)

    I have set up the firewall quite successfully by setting up the Data
    Filter with the rules I used for previous routers, that seems to have
    produced the result I want. I have ignored the Call Filter.
     
    tinnews, Apr 13, 2008
    #1

  2. tinnews

    Chris Davies Guest

    This is for a situation where the router has not yet established the ADSL
    connection to your ISP. It allows you to control which traffic should
    initiate this connection. (Think of time-based charging such as ISDN,
    or where there is a call setup charge and/or traffic costs are so high
    that you don't want to establish a connection unnecessarily.)

    Once a connection has been made, you may not worry too much about what
    data passes over the link. This ruleset allows you to determine what
    traffic is allowed through the router.

    Sounds about right. Not that I have a Draytek, though (I'm basing my
    answers on "old fashioned" ppp with dial-on-demand).

    Chris
     
    Chris Davies, Apr 15, 2008
    #2

  3. tinnews

    tinnews Guest

    Ah, OK, it does mean what it says then. It's just rather strange in
    the UK/ADSL situation where connections are nearly all "always on". I
    think, as you say, it's probably mostly for ISDN and such (which some
    varieties of the 2820 do support) where the router does initiate
    connections on a frequent basis.
    Yes, my guess that it was this section where I should put my 'normal'
    firewall rules seems to be working.
    Yes, as I said it seems to be doing what I want.

    It's just that all previous ADSL routers I have set up (that's three
    different ones) just had one set of firewall rules which, in the above
    classification, would be "Data Filter". If the manual had made it
    clear that the "Data Filter" was the one I should be doing things to
    for an "always on" connection I'd have had no trouble.

    Thanks for the help.
     
    tinnews, Apr 15, 2008
    #3
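
The split discussed in this thread, as an added example that is not part of any post and is not Draytek's code: a small Python model of the quoted manual text, where the call filter is consulted only while the WAN link is down and the data filter only once it is up. First-match rule order, the default-pass policy and the sample rules are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    direction: str          # "out" = LAN to WAN, "in" = WAN to LAN
    proto: str
    dport: int

@dataclass
class Rule:
    direction: str          # "out", "in" or "any"
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches any port
    action: str             # "pass" or "block"

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

def evaluate(rules, pkt, default="pass"):
    # Assumption: first matching rule wins, unmatched packets get the default.
    for r in rules:
        if r.matches(pkt):
            return r.action
    return default

@dataclass
class Router:
    call_filter: list
    data_filter: list
    link_up: bool = False   # True from the start models "always on" ADSL

    def handle(self, pkt: Packet) -> str:
        if not self.link_up:
            # No WAN link yet: only outgoing packets exist, and the call
            # filter decides whether this one may bring the link up.
            if pkt.direction != "out" or evaluate(self.call_filter, pkt) == "block":
                return "dropped, no call"
            self.link_up = True
            return "call initiated, sent"
        # Link is up: only the data filter is consulted, in both directions.
        return "passed" if evaluate(self.data_filter, pkt) == "pass" else "blocked"

def demo(link_up=False):
    # Constructed rules: NetBIOS chatter must not dial; inbound telnet is blocked.
    r = Router([Rule("out", "udp", 137, "block")], [Rule("in", "tcp", 23, "block")], link_up)
    pkts = [Packet("out", "udp", 137), Packet("out", "tcp", 80),
            Packet("in", "tcp", 23), Packet("out", "udp", 137)]
    return [r.handle(p) for p in pkts]
```

With `demo(link_up=True)` the call filter is never consulted, which is why putting the usual firewall rules in the data filter is sufficient on an always-on link.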
