I hope this is an easy one…
The Peplink boxes by default have an “allow all” inbound rule on the WAN, but this generally doesn’t have any type of effect until you enable something like port forwarding.
My question is how do these rules interact with other settings in the UI?
I’d like to generally set up a “block all” inbound, as usually when we do a port-forward, it’s to reach some internal device that’s not for general public access. So how do these things below interact with the firewall rules?
- WAN management rules (System -> Admin Security -> Allowed Source IP Subnets)
- Allow ping (and hopefully other necessary traffic for MTU path discovery) under (Network -> WAN -> connection -> Reply to ICMP)
- PepVPN - not even sure what port this uses
- Stateful NAT entries - do I need to deal with this at all or are replies to my outbound LAN traffic allowed back in before these rules?
- Other traffic that should be allowed (i.e., ICMP needed for PMTU to work, etc.)
Is my question clear? Basically can I assume that my manual inbound rules are sort of “after” whatever default rules are already there to make all of the above function, or do I need to manually allow things like HTTPS management, PepVPN, etc.?