Why is the firewall working if the default inbound rule is to allow everything?


#1

Been meaning to ask this for a long time.
Surf SOHO firmware 6.3.3

Advanced -> Firewall access rules -> Inbound firewall rules
has a single rule that allows everything.
So why does the firewall block anything?

And, would my LAN be any safer if this default rule were changed to deny? I realize that this means more work when setting up port forwarding.


#2

Hi Michael,

The inbound firewall rules only apply to the following types of traffic:

  • Inbound traffic that is defined in Port Forwarding
  • Inbound traffic that is defined in Inbound NAT Mappings

So, no inbound traffic is allowed if Port Forwarding or NAT Mapping is not defined, even if the default inbound rule is configured to allow by default.

Some deployments will use our device as a link load balancer and a firewall is behind our device. So, the administrator just needs to plug and play with our device by having the default inbound rule that allows any traffic.

Hope this clears your doubts.
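
The behaviour described in #2, as an added example that is not part of the original thread and not the vendor's firmware logic: a simplified Python model of how an unsolicited inbound packet is handled, showing that unmapped traffic is dropped whatever the default inbound rule says. The names, the first-match rule order and the sample forward to 192.168.50.10 are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    dst_port: int    # WAN-side destination port

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: str = "any"
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and self.dst_port in (None, pkt.dst_port))

def evaluate(pkt, forwards, rules, default_action):
    """Return (verdict, detail) for one unsolicited inbound packet."""
    # Step 1: without a port forward or NAT mapping there is no LAN target,
    # so the inbound rules are never consulted.
    target = forwards.get((pkt.proto, pkt.dst_port))
    if target is None:
        return ("drop", "no port forward or NAT mapping")
    # Step 2: inbound rules filter mapped traffic only (first match assumed).
    for rule in rules:
        if rule.matches(pkt):
            action = rule.action
            break
    else:
        action = default_action
    if action == "allow":
        return ("forward", "%s:%d" % target)
    return ("drop", "inbound firewall rule")

# Constructed sample configuration: one forward, HTTPS to a LAN host.
FORWARDS = {("tcp", 443): ("192.168.50.10", 443)}
HTTPS, SSH = Packet("tcp", 443), Packet("tcp", 22)

if __name__ == "__main__":
    for label, rules, default in [
        ("default allow", [], "allow"),
        ("default deny", [], "deny"),
        ("default deny + allow tcp/443", [Rule("allow", "tcp", 443)], "deny"),
    ]:
        for pkt in (HTTPS, SSH):
            print(label, pkt, evaluate(pkt, FORWARDS, rules, default))
```

In this model, switching the default to deny changes nothing for the unmapped port 22 packet; it only blocks the forwarded port 443 traffic until an explicit allow rule is added.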


#3

Thank you TK.