asus ac68u firewall

[Peggino]

And I tried removing the original rules after the update. When I reverted to version 11, they reappeared, so they didn't even get deleted. I don't understand why. Thank you so far; I'll appreciate any help. I just don't get it. I've been using Merlin for two years without any issues with updates until now.

 

[L&LD]

asus ac68u firewall

"Help, please. After updating to version RT-AC68U_386.12_0, I can't add rules for the IPv4 firewall. When I try to save them, it says that the changes are being applied, but even after half an hour, there is no change. I've reset the router to factory settings, but it's still the same. I've also...

www.snbforums.com

Please list the actual steps you perform when doing a full reset, up to the point of testing the router again.

 

[Peggino]

I add them one by one. The first column is either the source IP I want to block entirely or the rule to block everything on a specific port, as I mentioned, port 54 TCP. It's nothing else. I always add them one by one, blocking the ports that my provider has open on their side, trying to protect my network at least a bit

 

[Tech9]

You perhaps found a bug in firmware, but what you are doing is not needed. You have a firewall on your router.

 

[ColinTaylor]

blocking the ports that my provider has open on their side, trying to protect my network at least a bit

The Network Services Filter doesn't block incoming ports that your provider has open on their side. The router's default firewall already does that for all unsolicited connections. The Network Services Filter only blocks outgoing connections from your LAN to the internet, not the other way around.

For example, why do you want to block port 54 TCP? Nothing on the router uses that port and I don't know of anything on the internet that does either.

 

[ColinTaylor]

@RMerlin There appears to a be a bug in the Network Services Filter in the 386 firmware. When either a source or destination port is specified in the rule the httpd daemon crashes when the change is applied. Changing the port to a range, e.g. 111:112 does not cause the crash.

 

[RMerlin]

@RMerlin There appears to a be a bug in the Network Services Filter in the 386 firmware. When either a source or destination port is specified in the rule the httpd daemon crashes when the change is applied. Changing the port to a range, e.g. 111:112 does not cause the crash.

Similar to what happened last year on 388 - Asus' closed source validation code is broken, so httpd crashes when trying to validate that no banned characters are used in the parameters being applied by a web page. I'll bypass validation for that particular page setting for now until they can fix it upstream.