Access Control (Rules)
An Access Control List (ACL) rule is a manually-defined rule that can accept, reject, or drop incoming or outgoing packets from your network. This screen displays a list of the configured incoming or outgoing filtering rules. Note the order in which the rules are listed. Click Security > Firewall > Access Control to display the following screen.
*The ordering of your rules is very important as rules are applied in turn.
Security > Firewall > Access Control
The following table describes the labels in this screen.
Security > Firewall > Access Control 
LABEL
Description
Rules Storage Space Usage
This read-only bar shows how much of the Zyxel Device's memory is in use for recording firewall rules. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red.
Add New ACL Rule
Select an index number and click Add New ACL Rule to add a new firewall rule after the selected index number. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8.
#
This field displays the rule index number. The ordering of your rules is important as rules are applied in turn.
Status
This field displays the status of the ACL rule. A yellow bulb signifies that this ACL rule is active, while a gray bulb signifies that this ACL rule is not active.
Name
This field displays the rule name.
Src IP
This field displays the source IP addresses to which this rule applies.
Dest IP
This field displays the destination IP addresses to which this rule applies.
Service
This field displays the protocol (All, TCP, UDP, TCP/UDP, ICMP, ICMPv6, or any) used to transport the packets for which you want to apply the rule.
Action
Displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject), or allow the passage of (Accept) packets that match this rule.
Modify
Click the Edit icon to edit the firewall rule.
Click the Delete icon to delete an existing firewall rule.
Add New ACL Rule
Click Add new ACL rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays. Use this screen to accept, reject, or drop packets based on specified parameters, such as source and destination IP address, IP Type, service, and direction. You can also specify a limit as to how many packets this rule applies to at a certain period of time or specify a schedule for this rule.
Security > Firewall > Access Control > Add New ACL Rule
The following table describes the labels in this screen.
Security > Firewall > Access Control > Add New ACL Rule 
LABEL
Description
Active
Click this switch to enable this ACL rule.
Filter Name
Enter a descriptive name for your filter rule. You can use up to 16 printable characters except [ " ], [ ` ], [ ' ], [ < ], [ > ], [ ^ ], [ $ ], [ | ], [ & ], or [ ; ]. Spaces are allowed.
Order
Assign the order of your rules as rules are applied in turn.
Select Source IP Address
If you want the source to come from a particular (single) IP, select Specific IP Address. If not, select from a detected device.
Source IP Address
If you selected Specific IP Address in the previous item, enter the source device’s IP address here. Otherwise this field will be hidden if you select the detected device.
Select Destination Device
If you want your rule to apply to packets with a particular (single) IP, select Specific IP Address. If not, select a detected device.
Destination IP Address
If you selected Specific IP Address in the previous item, enter the destination device’s IP address here. Otherwise this field will be hidden if you select the detected device.
MAC Address
Enter the MAC addresses of the WiFi or wired LAN clients that are allowed access to the Zyxel Device in these address fields. Enter the MAC addresses in a valid MAC address format, that is, six hexadecimal character pairs, for example, 12:34:56:78:9a:bc.
IP Type
Select between IPv4 or IPv6. Compared to IPv4, IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. The Zyxel Device can use IPv4/IPv6 dual stack to connect to IPv4 and IPv6 networks, and supports IPv6 rapid deployment (6RD).
Select Service
Select a service from the Select Service box.
Protocol
Select the protocol (ALL, TCP/UDP, TCP, UDP, ICMP, or ICMPv6) used to transport the packets for which you want to apply the rule.
Custom Source Port
This is a single port number or the starting port number of a range that defines your rule.
Custom Destination Port
This is a single port number or the ending port number of a range that defines your rule.
TCP Flag
Select the TCP Flag (SYN, ACK, URG, PSH, RST, FIN).
This appears when you select TCP/UDP or TCP in the Protocol field.
Policy
Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender (Reject), or allow the passage of (Accept) packets that match this rule.
Direction
Select WAN to LAN to apply the rule to traffic from WAN to LAN. Select LAN to WAN to apply the rule to traffic from LAN to WAN. Select WAN to Router to apply the rule to traffic from WAN to router. Select LAN to Router to apply the rule to traffic from LAN to router.
Enable Rate Limit
Click this switch to enable the setting of maximum number of packets per maximum number of minute or second to limit the throughput of traffic that matches this rule. If not, the next item will be disabled.
Scheduler Rules
Select a schedule rule for this ACL rule form the drop-down list box. You can configure a new schedule rule by clicking Add New Rule. This will bring you to the Security > Scheduler Rules screen.
OK
Click this to save your changes.
Cancel
Click this to exit this screen without saving.