It is important to understand the logic of WinRoute's packet filters before creating any rules. This section outlines the concepts inherent to WinRoute's filtering.
What is an Interface?
An interface is any medium, physical or virtual, through which the operating system will be transmitting/receiving IP traffic. WinRoute will display all interfaces that it identifies in the interface table within the settings menu. Note that you can rename interfaces from the interface table. It is recommended that you create new names for each interface for easier administration when creating filter rules.
What is OUTGOING/INCOMING?
WinRoute always considers its engine as the centerpiece of the entire system. As such, traffic passes THROUGH WinRoute (incoming to one interface and outgoing from the other). As an example, a client computer makes an HTTP GET request for some object from yahoo.com. The packet is generated at the client and forwarded first to WinRoute (the client's default gateway). This packet is incoming to the LAN interface. WinRoute then forwards it to its own default gateway, at which point it is outgoing traffic from the Internet interface. When yahoo.com sends back the object in a sequence of packets, they are incoming to the Internet interface. These packets are then routed back to the client as outgoing traffic from the LAN interface.
What is the difference between Drop and Deny?
Each packet filter rule takes one of three actions: Permit, Deny, or Drop. If you choose to Deny a packet, WinRoute will send back a response to the requesting host indicating that the connection attempt was refused. If you choose to Drop a packet, the requesting client will receive no response from the WinRoute firewall, as if the WinRoute computer were physically disconnected from the network or not powered.
Rules set per Interface
WinRoute can define separate security rules for each interface you have in your computer. This is useful for networks with DMZ segments, or multiple subnets that are segmented through WinRoute.
RULES APPLICATION:
From TOP to BOTTOM
Rules are defined in a list and applied from top to bottom. When a packet reaches an interface, it is checked against the list of rules. The filter checks the topmost rule first and works down the list, checking the lowest rule last. As soon as a packet meets the criteria of a rule, that rule is applied and the rest of the rules are skipped. For this reason it is best to place all allow rules on top and create a single drop rule at the bottom for all IP traffic.
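The top-to-bottom, first-match behaviour described above can be modeled in a few lines. The following is an added Python example, not WinRoute code or configuration; the rule fields, the interface names (LAN, DMZ) and all addresses are assumptions constructed for illustration. Besides evaluating packets, it flags rules that can never match because an earlier rule on the same interface and direction already covers them, which is the usual result of adding an allow rule below the final drop rule.

```python
# Simplified first-match model of an ordered packet-filter list (illustration only).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    iface: str            # interface name (assumed: "LAN", "DMZ")
    direction: str        # "in" or "out", relative to the filtering engine
    proto: str            # "tcp", "udp" or "any"
    dst: str              # destination network, CIDR
    port: Optional[int]   # destination port; None means any
    action: str           # "permit", "deny" (refusal sent) or "drop" (silent)

def matches(r, iface, direction, proto, dst, port):
    return (r.iface == iface and r.direction == direction
            and r.proto in ("any", proto)
            and ip_address(dst) in ip_network(r.dst)
            and r.port in (None, port))

def evaluate(rules, iface, direction, proto, dst, port):
    """Return (index, action) of the first matching rule, or (None, None)."""
    for i, r in enumerate(rules):
        if matches(r, iface, direction, proto, dst, port):
            return i, r.action      # remaining rules are not consulted
    return None, None               # no rule matched; outcome not modeled here

def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return (a.iface == b.iface and a.direction == b.direction
            and a.proto in ("any", b.proto)
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.port in (None, b.port))

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(rules) if any(covers(a, b) for a in rules[:j])]

# Constructed rule list: rule 2 was added below the catch-all drop by mistake.
RULES = [
    Rule("LAN", "in", "tcp", "0.0.0.0/0", 80, "permit"),
    Rule("LAN", "in", "any", "0.0.0.0/0", None, "drop"),
    Rule("LAN", "in", "tcp", "0.0.0.0/0", 443, "permit"),
    Rule("DMZ", "out", "tcp", "192.0.2.0/24", 25, "permit"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "LAN", "in", "tcp", "203.0.113.10", 80))
    print(evaluate(RULES, "LAN", "in", "tcp", "203.0.113.10", 443))
    print("shadowed rule indexes:", shadowed(RULES))
```

The port 443 packet is dropped by rule 1 even though a permit rule for it exists, and the DMZ rule is unaffected because rule lists are evaluated per interface.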
Rules may be applied to:
Rules may be applied in predefined time intervals
In some cases, it may be useful to apply specific rules during office hours and different criteria for after hour access. These intervals can be created in the advanced settings and referenced by individual filter rules.