This option is designed primarily for remote Network Administrators. It relies on having a Static IP and/or CIDR that is always used when accessing the server.
This option is NOT required for a personal PC, nor for a server with local console access; the Local Interface & Local IP are trusted on all ports by the Firewall for both input & output. It is most useful for those that regularly need to make remote access to the device, as the default policy on all INPUT to the external interface is to DROP packets unless another rule ACCEPTs them.
Be Careful! By default, the CIDR supplied is given full TCP access on all ports (it is placed near the top of the INPUT Chain). If you wish to narrow the access allowed, place a comment ('#') in front of this rule, and uncomment the similar rule placed within the tcp_inbound chain.
A note on IPs & CIDR:
The textbox requires a CIDR. If you want to use only a single IP, then enter it like this:
Example IP: 123.456.789.abc
CIDR for this IP: 123.456.789.abc/32