The OfficeConnect uses a NAT + SPI firewall and supports one DMZ host. Static inbound port forwarding (Virtual Servers - Figure 4) can be done with single ports, port ranges or combinations of the two, but you can't specify TCP or UDP protocols.
Figure 4: Virtual Servers
I also found that "Loopback" isn't supported for virtual servers.
The Special Applications feature (Figure 5) also supports single ports, port ranges and combinations, plus the ability to specify a single outbound trigger port. Curiously, Virtual Servers setups can't be temporarily disabled (you must delete them to close the port(s), but Special Applications can.
Figure 5: Special Applications
Universal Plug and Play (UPnP) is supported, but disabled by default (the way I like to see it). If you do enable it, you have no control over its NAT Traversal feature and ports opened by it aren't shown in the router's admin interface.
Control over outbound Internet access (port filtering) is provided by the PC Privileges feature.
Figure 6: PC Privileges
Figure 6 gives you a flavor for the interface, and Figure 7 shows the screen for adding a privilege. Note that privileges can be defined only for individual IP addresses and all IP addresses other than those with specific privileges set.
Figure 7: Adding a PC Privilege
Note also that none of the firewall features is schedulable, a handy feature found on many competitive products.
The Status page provides a nice summary of many of the router's settings, and contains a button for doing a release / renew on the WAN connection.
Figure 8: Logging
Figure 8 gives you a flavor for what the Log page contains. It doesn't include website traffic logging, but does show wireless client DHCP leases. There are no emailed alerts, but, according to the User Guide, the front panel Alert light will be lit if the router "has detected a hacker attack from the Internet and has prevented it from harming your network".