Surf SOHO MK3 Initial Setup Questions

Hello,

I have recently purchased the Peplink Surf SOHO MK3 and have been working to perform initial configuration. I have been following the recommendations from routersecurity.org’s initial configuration page to do this.

I have come across a few things about the Peplink’s firmware that I don’t understand very well and am hoping to get some clarity here. I am running firmware version 8.1.1.

  1. Under Advanced → Firewall → Access Rules, there is one default rule for Inbound Firewall Rules. This rule states: Protocol Any, WAN Any, Source Any, Destination Any, Action (green check mark - allow). This is concerning to me as this seems to default to allowing all inbound traffic through the firewall. Am I understanding this default rule correctly? I would rather have expected the Inbound Firewall to block all traffic by default.

  2. How can I tell if a particular outbound port number is being blocked by the firewall?

Thank you.

Hi. As to your first question: No, you don’t have it exactly correct. The NAT feature of the router will block unwanted inbound traffic. The rule you cite is logical unless you have additional requirements. The firewall rules may be thought of as “in addition to” the NAT function.

As to your 2nd question: The firewall is probably not blocking any ports unless you have instructed it to do so.

Is there a particular performance or security issue that has your attention?

The source you cite is good and the author has a lot of experience with SOHOs.

Rick

Thank you for your reply Rick.

Can you provide more detail on the NAT feature you referenced? I don’t recall seeing that mentioned in the materials I’ve reviewed so far. What does NAT stand for?

Thank you.

Hi. Let me lead you to a couple of resources rather than try to explain. See here and here, for example. NAT is a feature of virtually every router – unless you disable it.

Your confusion about the default state of the router in regard to unsolicited inbound traffic has been shared by others. The default is secure, the wording is confusing. By and large, the inbound firewall rules only apply to data that comes in via port forwarding. These rules are a great feature as it lets you log all uses of the forwarded port or add restrictions as to who can use the forwarded port. Really nifty. As Jerry Seinfeld said in the last century, you are master of your domain :)

That said, I just lied. The inbound rules also apply to drop-in mode and NAT mappings as per the question mark in the blue circle. Beats me what those features are, but they don’t come up in normal use.

The router does not block outbound ports by default. A review of the outbound firewall rules will tell you which ports are blocked. That said, a VPN and Tor both bypass these blocks.
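
The behaviour described in this thread, as a simplified model (an added example, not Peplink's code and not written by anyone in the thread): unsolicited inbound packets are dropped by NAT, and the inbound rules, including the default "allow any", are only consulted for forwarded ports. All class and function names are hypothetical, the addresses are constructed from documentation ranges, first-match rule ordering is an assumption, and drop-in mode and NAT mappings are not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    """One inbound firewall rule; "any" is a wildcard (hypothetical model)."""
    action: str                 # "allow" or "deny"
    protocol: str = "any"
    source: str = "any"         # a single source IP or "any"
    port: object = "any"        # WAN-side destination port or "any"

    def matches(self, proto, src_ip, wan_port):
        return (self.protocol in ("any", proto)
                and self.source in ("any", src_ip)
                and self.port in ("any", wan_port))

@dataclass
class Router:
    # Default rule from the thread: Protocol Any, Source Any, Destination Any, allow.
    inbound_rules: list = field(default_factory=lambda: [Rule("allow")])
    port_forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> LAN host
    nat_table: dict = field(default_factory=dict)      # flow -> LAN host

    def outbound(self, proto, lan_host, remote_ip, remote_port, wan_port):
        """A LAN host opens a connection; NAT records the flow for replies."""
        self.nat_table[(proto, remote_ip, remote_port, wan_port)] = lan_host

    def inbound(self, proto, src_ip, src_port, wan_port):
        """Return (verdict, reason) for a packet arriving on the WAN side."""
        if (proto, src_ip, src_port, wan_port) in self.nat_table:
            return ("pass", "reply to a LAN-initiated flow")
        if (proto, wan_port) not in self.port_forwards:
            return ("drop", "unsolicited: no NAT state, no port forward")
        for rule in self.inbound_rules:  # assumption: first match wins
            if rule.matches(proto, src_ip, wan_port):
                verdict = "pass" if rule.action == "allow" else "drop"
                return (verdict, "inbound rule on forwarded port")
        return ("drop", "no inbound rule matched")

def demo():
    r = Router()
    results = [r.inbound("tcp", "203.0.113.5", 40000, 22)]        # unsolicited probe
    r.outbound("tcp", "192.168.50.10", "198.51.100.7", 443, 50000)
    results.append(r.inbound("tcp", "198.51.100.7", 443, 50000))  # reply traffic
    r.port_forwards[("tcp", 8080)] = "192.168.50.20"
    # Restrict who may use the forwarded port, ahead of the default allow rule.
    r.inbound_rules[:0] = [Rule("allow", "tcp", "203.0.113.5", 8080),
                           Rule("deny", "tcp", "any", 8080)]
    results.append(r.inbound("tcp", "203.0.113.5", 40001, 8080))
    results.append(r.inbound("tcp", "198.51.100.99", 40002, 8080))
    return [verdict for verdict, _ in results]

if __name__ == "__main__":
    print(demo())
```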