Inbound filtering is a useful security add-on when local network services need to be made available to external users on the internet. It can limit access to known users at known addresses.
By surveying the WiFi router and observing connections, hackers can figure out who is allowed to connect to the services and then spoof those addresses in order to gain access to the exposed services themselves.
Inbound filtering, when combined with port redirection and scheduling, can mitigate the risk of hacker compromise. It cannot stop it altogether, but it can go a long way to making their lives more difficult to compromise services.
Another firewall function, inbound filtering is an effective way to restrict access to other WiFi router services, such as redirected ports or administration consoles.
Inbound filtering, if available, can typically be combined with other features on the WiFi router in order to beef up individual service security. A good example is remote administration console access. If you really need to allow remote access, typically an inbound filter can restrict access to an individual or range of addresses that an administrator would use. As we have seen, hackers can still impersonate these administrators at these addresses, but it is much more difficult for them to do so over the internet.
By itself, inbound filtering typically isn’t very robust on most WiFi routers. However, when used in conjunction with other services such as virtual servers and port redirection, filtering can be a very important ingredient in improving overall security.