Default firewall rules

In Network > Firewall > Traffic Rules there are

  • Allow-MLD
  • Allow-ISAKMP
  • Allow-IPSec-ESP

Can someone explain what these are, why they are accepted/forwarded by default on OpenWrt, and why I would want them allowed?

1 Like

MLD is enabled to receive the multicast packets on the WAN link.
ISAKMP and IPSec-ESP are allowed to enable an IPSec tunnel. It is part of the IPv6 protocol to enable encryption end to end.
If you don't use IPv6 you can disable them; however, it doesn't hurt to leave them.
If you enable an IPSec tunnel on a LAN host over IPv4, you'll need to forward those ports.

5 Likes
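
Added example, not part of the posts above: a POSIX shell function that lists the wan-facing ACCEPT rules in a UCI firewall config together with the `@rule[N]` index (counting only `rule` sections, in file order) needed to disable one by name. The config excerpt is constructed and trimmed to resemble `/etc/config/firewall`; `sample_config` and `wan_accept_rules` are names made up for this example.

```shell
# Added example. sample_config is a constructed, trimmed excerpt in the
# UCI syntax of /etc/config/firewall; compare with the file on your router.
sample_config() {
cat <<'EOF'
config zone
	option name 'wan'
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option target 'ACCEPT'
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'
config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option dest_port '500'
	option enabled '0'
	option target 'ACCEPT'
EOF
}

# Print "<index> <name> <proto> <dest|device> <enabled|disabled>" for each
# "config rule" section with src wan and target ACCEPT (file args or stdin).
wan_accept_rules() {
    awk -v q="'" '
    function val(s) { gsub("^[" q "\"]|[" q "\"]$", "", s); return s }
    function emit() {
        if (o["src"] == "wan" && o["target"] == "ACCEPT")
            print idx, o["name"], o["proto"], (o["dest"] == "" ? "device" : o["dest"]),
                  (o["enabled"] == "0" ? "disabled" : "enabled")
        split("", o)   # clear options before the next section
    }
    BEGIN { idx = -1 }
    $1 == "config" { emit(); rule = (val($2) == "rule"); if (rule) idx++ }
    $1 == "option" && rule { o[val($2)] = val($3) }
    END { emit() }
    ' "$@"
}

sample_config | wan_accept_rules
# On the router: uci set firewall.@rule[<index>].enabled='0'
#                uci commit firewall && /etc/init.d/firewall reload
```

A rule with no `dest` is shown as `device` because it applies to traffic addressed to the router itself, while `lan` marks traffic forwarded to hosts behind it.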

Thanks! One question: end-to-end encryption on IPv6 for what? HTTP?

For everything.
http://ipv6now.com.au/primers/IPv6PacketSecurity.php

1 Like
