When running a router as a Wireless Bridge is it worth disabling the Firewall or just leave it alone?
Seems a bit over the top running multiple Firewalls considering the internet facing router has one...
When running a router as a Wireless Bridge is it worth disabling the Firewall or just leave it alone?
Seems a bit over the top running multiple Firewalls considering the internet facing router has one...
If you’re running WDS or a bridged protocol, you’ll need a different firewall than stock, generally much simpler.
If you’re running relayd
(which I don’t suggest unless it’s the only option), it is an IPv4-only, NAT-based hack and requires a similar-to-stock firewall.
Just the standard WDS bridge setting that comes with consumer routers on stock firmware.
You'll be ignoring the WAN-specific rules if you don't have traffic trough the WAN. They can be left for simplicity. Without VLANs over WDS or other reasons to prevent between-zone traffic, the "stock" rules are probably OK.
No such thing. While 4ADDR that WDS uses is standardized, how it is used is not. Interoperability between various implementations is far from guaranteed.
On most consumer (off the shelf) routers with stock firmware there is a box to tick to enable WDS bridge and a separate box to tick to disable the firewall/DMZ.
When you tick the box to enable the WDS bridge is it worth ticking the box to disable the firewall?
Unless someone gives me one of those 3 options i will not have the clue into understanding your post?
In the typical WDS/ 4addr repeater case (single ESSID, everything bridged), all packets bypass the firewall anyways (all traffic remains within the same zone) - so disabling it doesn't gain you anything (well, not a lot). In more complex setups you will need the firewall.
WDS: You may or may not be able to interoperate two different firmwares (such as Brand X OEM and OpenWrt, or Brand X and Brand Y) because there is no "standard" WDS.
Firewall: Needed on the router associated with your ISP connection. Probably just fine to leave as it is with an OpenWrt device working as a slaved AP over WDS with only a single VLAN or bridge.
Thanks.
You don't get a Firewall on a Dongle and i'm the only one on the bridge , that's what i was thinking.
disable it, if you know how to set static ip disable dnsamasq too. unneeded services, when disabled, free up at least some resources and allow faster device bootup