I just got OpenWRT up and running this afternoon and am very impressed. Of course I got the power I was looking for but was surprised not to be getting snagged on too many rough edges (i.e. a nice and polished experience 'out of the box'). One area I was a bit surprised by was some of the default firewall settings / rules... I was expecting (and myself prefer) the defaults to be a bit more paranoid. For example:
Under Network->Firewall->General Settings->Zones->wan the default was reject/accept/reject rather than drop/accept/drop.
Under Network->Firewall->Traffic Rules there are a bunch of (IMO) unnecessary rules enabled by default. I assume each of these has a reason but haven't found anything that goes through rule-by-rule and the 'why' of them. (I did track down this: https://forum.archive.openwrt.org/viewtopic.php?id=62743 which mentions the ICMPv6 rules)
I assume there was a very good reason for the defaults to ship the way they are, so I guess I'm asking if there's any documentation out there as to why these are the recommended defaults vs. being a bit more locked down?
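The two settings the post mentions (the wan zone's input/output/forward policies and the enabled traffic rules) can also be read straight from the firewall's UCI config text. The following is an added example, not part of the original post or OpenWrt's own tooling; the sample config is constructed and abbreviated, and the function names are hypothetical.

```python
import shlex

# Constructed, abbreviated sample in /etc/config/firewall (UCI) syntax.
SAMPLE = """
config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	option target 'ACCEPT'
	option enabled '0'
"""

def parse_uci(text):
    """Return a list of (section_type, options_dict) parsed from UCI text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[0] == "option" and len(tok) == 3 and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(text, zone="wan"):
    """Return (zone's input/output/forward policies, enabled rules sourced from it)."""
    policies, rules = None, []
    for stype, opts in parse_uci(text):
        if stype == "zone" and opts.get("name") == zone:
            policies = tuple(opts.get(k, "unset") for k in ("input", "output", "forward"))
        elif stype == "rule" and opts.get("src") == zone and opts.get("enabled", "1") != "0":
            rules.append(opts.get("name", "(unnamed)"))  # 'enabled 0' marks a disabled rule
    return policies, rules

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it against a copy of the router's own `/etc/config/firewall` gives a per-rule list to compare before and after changing the zone policies.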