config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wan6'

This is the default firewall rule of my router. I don't understand why input traffic is rejected. option input is the traffic that flows from the wan zone to the router. If it is set to REJECT, then how can a web server on the Internet send back the data when I make a request from the lan zone?
Furthermore, if we have input traffic from the lan zone to the router set to ACCEPT, and the output traffic from the router to wan set to ACCEPT as well (as above), then what is the purpose of the config forwarding rule:

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'

config forwarding
    option src 'lan'
    option dest 'wan'

From my understanding, the traffic shall be forwarded from lan to the router, then from the router to wan anyway.
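
The following is an added example, not part of the original post: a simplified Python model of how a stateful zone firewall evaluates the configuration quoted above. It shows that input and output only cover traffic to and from the router itself, that routed traffic is decided in the forward path, and that replies are matched by connection tracking before any zone policy. The `verdict` function, the `DEFAULT_FORWARD` value (the post does not show a `config defaults` section) and the sample packets are assumptions made for illustration.

```python
# Added illustration: simplified model of the zone config quoted in the post.
# It ignores NAT (masq), per-port rules and invalid-state handling.
ZONES = {
    "wan": {"input": "REJECT", "output": "ACCEPT", "forward": "REJECT"},
    "lan": {"input": "ACCEPT", "output": "ACCEPT", "forward": "ACCEPT"},
}
FORWARDINGS = {("lan", "wan")}   # config forwarding: src 'lan', dest 'wan'
DEFAULT_FORWARD = "REJECT"       # assumption: 'config defaults' is not shown in the post


def verdict(src, dst, state="NEW", forwardings=FORWARDINGS):
    """Return (decision point, action) for one packet.

    src/dst are zone names; None means the router itself is the endpoint.
    state is the connection-tracking state of the packet.
    """
    # Packets of already-permitted connections are accepted before zone policy.
    if state in ("ESTABLISHED", "RELATED"):
        return ("conntrack", "ACCEPT")
    if src is None:                       # generated by the router itself
        return ("output", ZONES[dst]["output"])
    if dst is None:                       # addressed to the router itself
        return ("input", ZONES[src]["input"])
    if src == dst:                        # between networks of the same zone
        return ("forward", ZONES[src]["forward"])
    if (src, dst) in forwardings:         # explicit inter-zone forwarding
        return ("forward", "ACCEPT")
    return ("forward", DEFAULT_FORWARD)   # no forwarding section matches


if __name__ == "__main__":
    # Constructed sample packets.
    cases = [
        ("LAN client opens connection to web server", ("lan", "wan", "NEW")),
        ("web server reply to that connection", ("wan", "lan", "ESTABLISHED")),
        ("unsolicited connection to the router from WAN", ("wan", None, "NEW")),
        ("unsolicited connection to a LAN host from WAN", ("wan", "lan", "NEW")),
        ("LAN client reaches the router's admin page", ("lan", None, "NEW")),
        ("router itself queries an upstream server", (None, "wan", "NEW")),
    ]
    for label, args in cases:
        print(f"{label:48s} -> {verdict(*args)}")
    print("lan -> wan without the forwarding section:",
          verdict("lan", "wan", "NEW", forwardings=set()))
```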