[Cerowrt-devel] saner defaults for config/firewall

Vincent Frentzel zcecc22 at c3r.es
Thu Feb 20 18:25:23 EST 2014

Hi everyone,

After installing ceroWRT the first thing I did was to reconfigure the
firewall as shown attached. My router is used as home gateway and I wanted
to lock down the device a bit.

The changes introduced are as follows:

- LAN (s+) to/from GUEST (g+) is not allowed.
- GUEST to ROUTER is restricted to DNS/DHCP/NTP.
- I've tuned the basic IPv6 rules to take the above changes into account
and allow proto 41 INPUT for 6to/in4 tunnels.
- LAN to/from ROUTER everything is allowed.

This could be a nice default config.

Feedback welcome.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: firewall
Type: application/octet-stream
Size: 3569 bytes
Desc: not available
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140221/1a1ed5b2/attachment-0002.obj>
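
The policy listed in the message, written as an OpenWrt-style `/etc/config/firewall` fragment. This is an added example, not the scrubbed attachment or the poster's configuration. The zone names, the rule names and the existence of a stock `wan` zone with its forwardings are assumptions; only the `s+` and `g+` interface patterns come from the message.

```uci
# Constructed fragment; assumes a 'wan' zone is defined elsewhere in the file.

config zone
	option name 'lan'
	list device 's+'
	# LAN to/from ROUTER: everything is allowed.
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'guest'
	list device 'g+'
	# Guest traffic to the router is rejected unless a rule below accepts it.
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# No 'config forwarding' section names both lan and guest,
# so LAN to/from GUEST is not forwarded in either direction.

config rule
	option name 'Guest-DNS'
	option src 'guest'
	option proto 'tcpudp'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'Guest-DHCP'
	option src 'guest'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Guest-NTP'
	option src 'guest'
	option proto 'udp'
	option dest_port '123'
	option target 'ACCEPT'

# IP protocol 41 (IPv6 encapsulated in IPv4) inbound for 6to4/6in4 tunnels.
config rule
	option name 'Allow-proto41'
	option src 'wan'
	option family 'ipv4'
	option proto '41'
	option target 'ACCEPT'
```

After a reload, `iptables -S` shows whether the guest input chain accepts only ports 53, 67 and 123 before its final reject.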