I am a bit uncomfortable with the following config in /etc/config/firewall:

    config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

I feel that means I give too much access to an interface I would have forgotten to add to a zone.
Knowing that I have set all my interfaces inside zones that I have configured appropriately, is it OK to configure the defaults in the following way:

    config defaults
        option input 'REJECT'
        option output 'REJECT'
        option forward 'REJECT'
        option synflood_protect '1'

A specific doubt that I have is for the router itself. Given that it is not in a zone, will it be governed by these default values? So setting OUTPUT to REJECT would mean it cannot access the internet, and INPUT would mean it cannot access the LAN? If that's the case, should I add my firewall to a specific zone (how?) so that I can set the defaults to REJECT?
Thanks!
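
The worry above about an interface left out of every zone can be checked rather than assumed. The script below is an added example, not part of the original post: it lists the interface sections of a UCI network file that no firewall zone names. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report network interfaces that no firewall zone references.
# Function names and the sample configs below are constructed for illustration.

# Names of all "config interface" sections in a UCI network file.
uci_interfaces() {
    awk '$1 == "config" && $2 == "interface" { print $3 }' "$1" | tr -d "'\""
}

# Every network named by "option network" / "list network" inside zone sections.
uci_zone_networks() {
    awk '
        $1 == "config" { in_zone = ($2 == "zone") }
        in_zone && ($1 == "option" || $1 == "list") && $2 == "network" {
            for (i = 3; i <= NF; i++) print $i
        }
    ' "$1" | tr -d "'\""
}

# usage: unzoned_interfaces FIREWALL_FILE NETWORK_FILE
# Assumption: "loopback" is skipped because it is normally left out of zones.
# Zones that match by device or subnet instead of network are not considered.
unzoned_interfaces() {
    zoned=$(uci_zone_networks "$1")
    for ifc in $(uci_interfaces "$2"); do
        [ "$ifc" = "loopback" ] && continue
        printf '%s\n' "$zoned" | grep -qxF "$ifc" || printf '%s\n' "$ifc"
    done
}

# Constructed sample files so the check runs off-router.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/network" <<'EOF'
config interface 'loopback'
config interface 'lan'
config interface 'wan'
config interface 'guest'
config interface 'vpn'
EOF
cat > "$tmp/firewall" <<'EOF'
config defaults
    option input 'ACCEPT'
config zone
    option name 'lan'
    list network 'lan'
config zone
    option name 'wan'
    option network 'wan wan6'
EOF
unzoned_interfaces "$tmp/firewall" "$tmp/network"
```

On a router, pass /etc/config/firewall and /etc/config/network as the two arguments; empty output means every interface section is named by some zone.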