166 Chapter 10 Firewalls NN47922-500

• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.

These custom rules work by evaluating the network traffic's Source IP address, Destination IP address, and IP protocol type, and comparing these to rules set by the administrator.

Below is a brief technical description of how these connections are tracked.

Connections can either be defined by the upper protocols (for instance, TCP), or by the Business Secure Router itself (as with the virtual connections created for UDP and ICMP).

TCP security

The Business Secure Router uses state information embedded in TCP packets. The first packet of any new connection has its SYN flag set and its ACK flag cleared; these are initiation packets. All packets that do not have this flag structure are called subsequent packets, since they represent data that occurs later in the TCP stream.

If an initiation packet originates on the WAN, someone is trying to make a connection from the Internet into the LAN. Except in a few special cases (see "Upper layer protocols" on page 167), these packets are dropped and logged.

If an initiation packet originates on the LAN, someone is trying to make a connection from the LAN to the Internet. Assuming that this is an acceptable part of the security policy (as is the case with the default policy), the connection is allowed. A cache entry is added, which includes connection information such as IP addresses, TCP ports, and sequence numbers.

Note: The ability to define firewall rules is a very powerful tool. Using custom rules, it is possible to disable all firewall protection or block all access to the Internet. Use extreme caution when creating or deleting firewall rules. Test changes after creating them to make sure they work correctly.
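The TCP tracking logic above, written out as an added illustration (this is not the Business Secure Router's own code). It assumes a minimal packet model with an arriving interface, and assumes that subsequent packets matching no cached connection are dropped, which the description implies but does not state outright.

```python
# Added illustration of the stateful TCP tracking described above; not the
# Business Secure Router's code. Constructed sample packets use documentation
# address ranges.
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits


@dataclass(frozen=True)
class Packet:
    iface: str   # "LAN" or "WAN": the interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    seq: int


class StatefulFirewall:
    def __init__(self):
        # (src, sport, dst, dport) of LAN-initiated connections -> last seq seen
        self.cache = {}
        self.log = []  # dropped initiation packets arriving from the WAN

    @staticmethod
    def is_initiation(p):
        # SYN set and ACK cleared marks the first packet of a new connection;
        # anything else (including SYN+ACK) is a subsequent packet.
        return bool(p.flags & SYN) and not (p.flags & ACK)

    def handle(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if self.is_initiation(p):
            if p.iface == "WAN":
                # Inbound connection attempt: drop and log (default policy)
                self.log.append(f"DROP initiation {p.src}:{p.sport}->{p.dst}:{p.dport}")
                return "DROP"
            # Outbound connection allowed by policy: add a cache entry
            self.cache[fwd] = p.seq
            return "ALLOW"
        # Subsequent packet: only allowed if it belongs to a tracked connection
        # (assumption: unmatched subsequent packets are dropped)
        for key in (fwd, rev):
            if key in self.cache:
                self.cache[key] = p.seq
                return "ALLOW"
        return "DROP"
```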