Un-Firewall RBwAPR-2nD RouterOS Web UI on Ethernet port

The ‘Quick Set’ web UI of the RBwAPR-2nD (with R11e-LR8, a.k.a. wAP LR8 kit) router features a ‘Firewall Router’ check box.

I’m wondering how disabling/enabling translates to what command line commands.

The setting is enabled by default and I disabled it.

Unfortunately, that change isn’t listed by /system history print.

Also, the output generated by export doesn’t include anything obvious related to that setting.

So, when automating this config, what equivalent console commands do I need to use to firewall/un-block router access on the wired ethernet port?

\

Btw, I was a little bit surprised that the RBwAPR-2nD (with R11e-LR8, a.k.a. wAP LR8 kit) comes with the Web UI enabled on WLAN (which is unencrypted by default) while it’s disabled on the Ethernet port, by default. Also, the default password of the admin user is empty.

So this is really bad for obvious reasons - basically, after plugging the device in you really have to be fast to connect to it over WLAN and secure it before some evil attacker in WLAN range configures some backdoor …

Much better defaults would be to disable WLAN by default and enable the Web UI on the Ethernet port, instead.

Quickset should only be used for the initial setup, any subsequent changes should be made directly the in the appropriate sections. Selecting the firewall option will create multiple rules under /ip firewall filter, it isn’t just a single on/off item.

The original wAP was expected to be used with wireless for local access and the ethernet for connection to the Internet, hence the choice of blocking access via the ethernet “WAN” connection. I don’t know if quickset in newer versions of RouterOS detect the LTE interface and make this the WAN connection with the wireless and ethernet interfaces in a bridge as the “LAN” connection.