I'm trying to make my firewall work in "allow-only" mode so that it would reject everything except the rules I put into "Traffic Rules" tab on LUCI.

But I have noticed no matter what (input-output-forward) I disable for any zone (General Settings, LAN to WAN, WAN) my LAN still has connection to outside (without DNS I believe) without me making any exception rules. Default rules are also deleted.

You can see that I tried disabling almost everything on the screenshot.

So how do I do what I wanna do?


  • Edit LAN Zone and remove forwarding to WAN; or
  • Edit WAN Zone and remove allow forward from LAN



I can advise you to keep the firewall on output as accept (as if you put it as reject you are limiting all the outgoing connections of your router).

For example if my lan were to allow only web traffic I would have to operate in the forward chain.

I would reject forward and then add a rule to allow web traffic (port 80 and 443).

If the web requests are from a client connected to the router, the resolution from to would happen on the router. And then the client connects (forward) to the resolved IP address.
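Putting both replies together (drop the LAN-to-WAN forwarding, reject forward by default, then allow only web traffic), here is what the resulting `/etc/config/firewall` looks like in UCI syntax. This is an added example, not a config from anyone in the thread; it assumes the networks are named `lan` and `wan` and the rule name `Allow-LAN-Web` is made up for illustration.

```uci
# Added example (not from the thread): /etc/config/firewall for an
# "allow-only" LAN -> WAN policy on OpenWrt (fw3/fw4 syntax).
# Assumed: the LAN network is named 'lan' and the WAN network 'wan';
# the rule name below is invented for this example.

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'   # nothing crosses zones unless a rule allows it
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'     # keep ACCEPT so clients can still reach the router's DNS/DHCP
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'    # as advised above: the router itself can still go out
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Deliberately no 'config forwarding' section with src 'lan' / dest 'wan'.
# That is what "remove forwarding to WAN" in the first reply means: without
# it, LAN -> WAN falls through to the REJECT defaults, and only the explicit
# rule below lets traffic through.

config rule
	option name 'Allow-LAN-Web'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_port '80 443'
	option target 'ACCEPT'
```

After editing the file, apply it with `/etc/init.d/firewall restart`. To confirm the policy, run `fw4 print` on the router (OpenWrt 22.03 and later; `fw3 print` on older releases) and check that the only `lan` to `wan` accept entry is the web rule; from a LAN client, a connection to a public address on port 443 should succeed while one on another port is rejected. Because the LAN zone keeps `input ACCEPT`, name resolution against the router itself keeps working, which is the case the second reply describes.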

