Screenshot: almost everything on "reject".
I'm trying to make my firewall work in "allow-only" mode so that it would reject everything except the rules I put into the "Traffic Rules" tab in LuCI.
But I have noticed that no matter what (input-output-forward) I disable for any zone (General Settings, LAN to WAN, WAN), my LAN still has a connection to the outside (without DNS, I believe) without me making any exception rules. Default rules are also deleted.
You can see that I tried disabling almost everything on the screenshot.
So how do I do what I wanna do?
I can advise you to keep the firewall on output as accept (as if you put it as reject, you are limiting all the outgoing connections of your router).
For example, if my LAN were to allow only web traffic, I would have to operate in the forward chain.
I would reject forward and then add a rule to allow web traffic (port 80 and 443).
If the web requests are from a client connected to the router, the resolution from www.google.com to 22.214.171.124 would happen on the router. And then the client connects (forward) to the resolved IP address.
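
The setup described in the reply above, written as an `/etc/config/firewall` fragment. This is an added example, not part of the original posts; the zone and network names `lan` and `wan` and the rule name `Allow-LAN-Web` are assumptions that follow OpenWrt's default naming.

```uci
# Added example, not from the thread. Names are assumed defaults.

config defaults
	option input 'REJECT'
	# Output stays ACCEPT so the router itself can still reach upstream
	# (e.g. to resolve DNS on behalf of clients).
	option output 'ACCEPT'
	# Nothing is forwarded between zones unless a rule below allows it.
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	# Clients can reach services on the router (DNS, DHCP, LuCI).
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Deliberately no "config forwarding" section with src 'lan' / dest 'wan':
# such a section would allow all LAN-to-WAN traffic regardless of the
# rules below.

# The only LAN-to-WAN traffic allowed through the forward chain: web.
config rule
	option name 'Allow-LAN-Web'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_port '80 443'
	option target 'ACCEPT'
```

After editing the file, `/etc/init.d/firewall restart` reloads the ruleset.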