My firewall settings are as shown above. I don't remember what I have changed. They are probably mostly the default settings. If, from an outside network, I type my router's IP, it shows a web page that says that the request was refused. This still means that port 80 is open to the Internet, which I don't think is necessary and which is potentially insecure.
Is this the correct setting? Can I block all unwanted traffic from the outside?
You didn’t mention any details about the error message, but if it reads "Rejected request from RFC1918 IP to public server address", you simply accessed your WAN IP from within the LAN. It does not mean that port 80 is open towards the internet.
Some ISPs also filter certain ports themselves in their network, presumably to prevent subscribers from hosting services on non-business connections or to compensate for sloppy end-user security.
The default firewall settings have the router respond to an opening TCP SYN from the WAN side that the port is closed. If you prefer to have it send no response, change the REJECT value in those 2 drop-down boxes to DROP.
I was testing an online web browser testing site (lambdatest . com), and I think I saw some page that said the connection was refused when I had typed my public IP. The response I had expected was the browser's built-in page for "Website not found". The browser was probably Safari on macOS, which I am not familiar with, so maybe I mistook a browser-generated special page for a web-server-generated error page. I would like to verify what actually happened, but I have already used the short amount of daily free time (I am not a paying user), so I cannot test it now.
Anyway, I guess I mistakenly expected the firewall would "hide" the existence of my router (instead of "refused", not getting any response at all, as if my router were not running on that IP), when what it does by default is "refuse" the connection.
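
The REJECT and DROP behaviours discussed in this thread look different to a client, and a small check run from a machine outside the LAN makes that visible. This is an added example, not part of any post above; the function name `probe`, the result labels and the local test listener are constructed for illustration.

```python
import socket

# What each result says about the side being probed.
MEANING = {
    "open": "a service accepted the connection (port is reachable)",
    "rejected": "an active refusal came back (REJECT policy, or no listener)",
    "dropped": "no reply before the timeout (DROP policy, or filtered upstream)",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify how the far side answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The SYN was answered with a refusal: the host is visibly there,
        # but nothing is offered on this port.
        return "rejected"
    except (socket.timeout, TimeoutError):
        # The SYN was silently discarded: the client waits out the full timeout.
        return "dropped"


if __name__ == "__main__":
    # Constructed target: a listener on the loopback interface, so the
    # demonstration runs offline. Replace with your own WAN IP and port 80
    # when testing from an outside network.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    state = probe("127.0.0.1", port)
    print(f"listener up:   {state}: {MEANING[state]}")

    srv.close()
    state = probe("127.0.0.1", port)
    print(f"listener down: {state}: {MEANING[state]}")
```

Run against the router's public address from outside the LAN, "rejected" corresponds to the default REJECT setting and "dropped" to DROP; a result from inside the LAN says nothing about the WAN side.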