What is the second step I should do to protect the network?

Hello, this is my first time using OpenWrt. I've successfully installed it on my router, an Archer C7 AC1750 v5, and everything worked perfectly. My question is: what is the second step I should do to protect the network?
Thanks :blush:

From what?
Most of the threats out there go for the clients behind the router, not the router itself.

If you want to be 100% safe, disconnect it from the internet ...

Sorry, I use a translator because English is not my language. What I meant is, are there steps that I should take to strengthen the network protection? For example, something else for the firewall?

Well, the most common threat today is probably botnets living in routers and IoT doing global mega huge DDoS attacks, bigger than every attack ever done in the past, since more and more routers and IoT join the party every day.

1 Like

Have you looked at the device hardening instructions in the user manual on openwrt.org?

But you could at least start with a password for the router as the second step.

1 Like

The firewall is fine as it is. What worries you, specifically?

1 Like

The firewall is already quite robust for normal home/small office use. You typically don't need to modify it unless you have a specific threat you're trying to address.

Everything else depends on your goals/concerns... do you have lots of IoT devices? How much do you trust those devices to be up to date on security and not doing shady things? What about other users on your network -- do you trust the users and their devices? You can consider those things -- sometimes making dedicated networks (VLANs) can be good if you want to protect certain types of devices from others... but again, depends on what your concerns are.

2 Likes

Yes, I followed most of the threads there.

Thanks so much for your reply. I just use it for a home network, nothing shady. The reason I use OpenWrt is that I am looking for privacy for me and my family.

Nothing, I thought I have to do something.

OpenWrt won't really give you that, more than the stock fw, out of the box.
Nor will a VPN tunnel (just mentioning it, since some people tend to think they do).

To be clear, I'm not suggesting you would be doing anything shady... but rather other people or devices on your network. For example, if you have guests that have poor judgement regarding internet safety (i.e. prone to click on links that might install malicious software on their device), their device may not be trustworthy and could be a risk to yours if they join your network. Or, if you have an IoT device (say a smart fridge) that connects to a cloud service and you don't trust the vendor to keep up-to-date with security patches for the IoT device in your home and/or their cloud service, you might want to have a separated IoT network to keep your more trustworthy devices safe.

3 Likes

If you have done the hardening instructions, I then don't see that you have much more to do than to actually use your router and continue surfing online as usual.

The next step usually comes when the user, after a while, wants to separate different network devices with a multi-VLAN setup.

But a multi-VLAN setup doesn't protect from threats from the internet; it is still the same firewall for everyone. VLAN only protects from lateral movement inside of your network.

Airgap attacks still exist, so disconnecting from the internet is not a solution. :laughing:
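
The separated IoT network suggested in the thread only limits lateral movement if the firewall has no path from that zone into the LAN. The following is an added example, not part of any post and not OpenWrt's own code: a small check over `/etc/config/firewall`-style text. The zone names, the sample config and the function names `parse_uci` and `audit` are assumptions made for illustration.

```python
import shlex
# Constructed sample config (not from the thread): an 'iot' zone that may
# reach 'wan' but has no forwarding into the trusted 'lan' zone.
SAMPLE = """
config zone
    option name 'lan'
    option input 'ACCEPT'

config zone
    option name 'iot'
    option input 'REJECT'
    option forward 'REJECT'

config zone
    option name 'wan'
    option input 'REJECT'

config forwarding
    option src 'lan'
    option dest 'wan'

config forwarding
    option src 'iot'
    option dest 'wan'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})] from UCI-style text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#'
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1][1][tok[1]] = tok[2]  # last value wins; enough here
    return sections

def audit(text, trusted="lan"):
    """List settings that weaken isolation of the trusted zone.
    Only zone, forwarding and rule sections are checked."""
    out = []
    for kind, opt in parse_uci(text):
        src = opt.get("src")
        if kind == "forwarding" and opt.get("dest") == trusted:
            out.append(f"forwarding {src} -> {trusted}")
        if (kind == "rule" and opt.get("dest") == trusted
                and src != trusted and opt.get("target") == "ACCEPT"):
            out.append(f"rule accepts {src} -> {trusted}")
        if kind == "zone" and opt.get("name") != trusted and opt.get("input") == "ACCEPT":
            out.append(f"zone {opt.get('name')} accepts input to the router")
    return out
```

An empty result for the sample means the IoT zone has internet access only; any finding names a path that would let a device in another zone reach the LAN or the router itself.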