Menu
What's new
By:
Filters Better Search

"Enable Firewall"

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Authority

Authority

Senior Member
It's my understanding that the only "firewall" provided by Asus Routers is the inherent protection provided by NAT. So what exactly does the "Enable Firewall" button do?
 
NAT can protect your internal networks from external connections but it won't protect your router's ports, AFAIK.

I dunno exactly what "Enable Firewall" does but I'd leave it enabled.
 
Isn't "Enable Firewall" allowing the application of all the user's iptables rules, such as drop all unsolicited attempts by external IPs to connect plus all the other rules, preloaded and added?

"but I'd leave it enabled." Indeed.
 
Last edited:
Authority said:
So what exactly does the "Enable Firewall" button do?
Click to expand...
Doing a diff on the iptables rules I can see that disabling the firewall a) changes the default FORWARD policy to ACCEPT, and b) removes all the rules (about 11 in my case) on the INPUT chain that drop unsolicited traffic.

So yes, it does do something more than just NAT. ;)
 
Authority said:
It's my understanding that the only "firewall" provided by Asus Routers is the inherent protection provided by NAT. So what exactly does the "Enable Firewall" button do?
Click to expand...

It's much more than NAT. There are a lot of iptables rules in there to determine what traffic can access the router itself. Which interface can communicate together. There's also the default policies for each of iptables chains.

Without a firewall = everything running on your router would be open to the WAN, including Samba.
 
RMerlin said:
It's much more than NAT. There are a lot of iptables rules in there to determine what traffic can access the router itself. Which interface can communicate together. There's also the default policies for each of iptables chains.

Without a firewall = everything running on your router would be open to the WAN, including Samba.
Click to expand...

Got it. So in my case, I'm running double NAT, so it wouldn't really matter, and in fact might even be desirable to turn off. Thanks for the answers everyone.
 
do
Authority said:
Got it. So in my case, I'm running double NAT, so it wouldn't really matter, and in fact might even be desirable to turn off. Thanks for the answers everyone.
Click to expand...
Double nat is only if you have a modem infront of the router, and havent set it to bridge mode. Which disables the modems firewall, leaving only the routers thus preventing a conflict
 
Last edited:
RMerlin said:
Without a firewall = everything running on your router would be open to the WAN, including Samba
Click to expand...

Just remember - NAT is a firewall in and of itself...

If one doens't need to forward ports - all good...
 
sfx2000 said:
Just remember - NAT is a firewall in and of itself...

If one doens't need to forward ports - all good...
Click to expand...

NAT protects the LAN from the Internet, however it does not protect the router itself from the Internet. Don't forget that the router's WAN interface is a public routable IP.
 
You must log in or register to reply here.

Similar threads

Z
Dual WAN + Dual Firewall
Replies
11
Views
263
Tech9
Tech9
Yota
How to enable port randomization in Asuswrt-Merlin?
Replies
4
Views
377
Yota
Yota
E
Wireguard can't access devices behind asus router
Replies
5
Views
276
ZebMcKayhan
Z
L
is enabling firewall necessary (same for upnp) when on a provider with cgnat?
Replies
5
Views
568
lgkahn
L
M
wan dhcpv6 blocked by firewall
Replies
2
Views
775
M4tt
M
Similar threads
Thread starter Title Forum Replies Date
Yota How to enable port randomization in Asuswrt-Merlin? Asuswrt-Merlin 4
M How to Enable Hardware Acceleration /RT-AX86U Pro Asuswrt-Merlin 3
M enable IPv4 over LAN Asuswrt-Merlin 11
A Enable Web Access from WAN can't stay enabled Asuswrt-Merlin 2
Z Dual WAN + Dual Firewall Asuswrt-Merlin 11
K Asus router as adblock/firewall server (but not acting as a router) between modem and mesh routers Asuswrt-Merlin 7
M wan dhcpv6 blocked by firewall Asuswrt-Merlin 2
L is enabling firewall necessary (same for upnp) when on a provider with cgnat? Asuswrt-Merlin 5
M Advance firewall rules Asuswrt-Merlin 5
fffddd URL filtering in the firewall does not take effect Asuswrt-Merlin 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 699 (members: 22, guests: 677)
Top