Balance 20 Confusing Firewall

Hi, sorry for the newbie question.

I would normally expect to see the inbound rule set to deny rather than the default allow.

My firewall requirements are really basic:

WAN → LAN = Deny any
LAN → WAN = Allow any
Established related traffic from LAN side to allow WAN to respond.

The help text is confusing me???

When your WANs are in NAT mode, all inbound traffic is blocked because of NAT unless you have specifically opened a port for a service (or it's a system service like the web UI or the SpeedFusion ports).

The default any/any inbound rule then passes any traffic from any remote source sent to open ports (those you have manually opened and the system service ports). If you want to restrict which remote devices can access the open ports you would change that any/any rule and supplement it with more granular firewall rules.

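A simplified model of the two-stage inbound evaluation described in the reply above, added here as an illustration; it is not Peplink code and not part of the original posts. The open port, the addresses (documentation ranges) and the first-match rule ordering are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    source: str            # CIDR; "0.0.0.0/0" means any source
    port: Optional[int]    # None means any destination port
    action: str            # "allow" or "deny"

# The shipped default described in the thread: any/any allow.
DEFAULT_ANY_ANY = Rule("0.0.0.0/0", None, "allow")

def inbound_verdict(src, dst_port, open_ports, rules):
    """Return the fate of a WAN-side packet under NAT mode.

    Stage 1: NAT. A port with no forward and no system service behind it
             has nowhere to deliver the packet, so it is dropped before
             the firewall rules matter.
    Stage 2: inbound firewall rules, first match wins (assumed ordering).
    """
    if dst_port not in open_ports:
        return "dropped by NAT"
    for rule in rules:
        if ip_address(src) in ip_network(rule.source) and rule.port in (None, dst_port):
            return rule.action
    return "deny"  # only reached if the rule list has no catch-all

# Constructed sample state: one open port (assumed web UI on 443).
OPEN_PORTS = {443}
ADMIN, STRANGER = "203.0.113.10", "198.51.100.7"

# Default rule set: any/any allow only applies to ports that are open.
default_rules = [DEFAULT_ANY_ANY]

# Restricted rule set: any/any changed to deny, plus one granular allow.
restricted_rules = [
    Rule("203.0.113.0/24", 443, "allow"),
    Rule("0.0.0.0/0", None, "deny"),
]

if __name__ == "__main__":
    for name, rules in (("default", default_rules), ("restricted", restricted_rules)):
        for src, port in ((STRANGER, 22), (STRANGER, 443), (ADMIN, 443)):
            print(f"{name:10} {src:>13}:{port:<4} -> "
                  f"{inbound_verdict(src, port, OPEN_PORTS, rules)}")
```
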

Many thanks, Martin.

I didn't think they would ship with wide-open firewalls but wasn't sure.