It’s my 3rd week with the RB4011 and having demoted the AX88U to AP duties, the RB4011 is doing great.
Although I'm using the default config for firewall rules, I would like to better understand the hierarchy of the rules and what the settings mean. Some are pretty obvious, but I want to further understand them rather than making do with the rules and leaving them as is. Maybe the rules are in the wrong order? Are there some missing that I should add? How do I know the router is secure? Where can I properly learn about the firewall rules?
Firewall rules are kind of self-explanatory: when you read names like src-address, dst-address, in-interface, out-interface, action, etc., it's not difficult to understand what they mean.
How packets travel through the firewall may be less obvious, but that's why we have this nice diagram (it's part of a larger diagram from the beginning of the page, but don't look too much at that one, it can be scary at first):
In each chain, rules are processed from top to bottom; the first matching rule is used and processing in that chain stops (except in mangle, where rules can have passthrough=yes to continue even when they match).
The default action (if none of the rules in a chain matches) is accept. This is important in filter: if you don't block something, it's allowed.
When looking at NAT rules: only two of the rule properties are action properties, to-address and to-ports (and that's true both for src-nat and dst-nat). All other properties are selection properties, which define whether a particular NAT rule gets executed for a packet or not.
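The points above (top-to-bottom, first match wins, chain default accept, and selection versus action properties in NAT) are easiest to see on a concrete rule set. The following is an added illustration, not part of the original post and not the router's exported default configuration; the interface list names WAN and LAN, the forwarded host 192.168.88.10 and the ports are assumptions. Note that in RouterOS command syntax the NAT action properties are spelled to-addresses and to-ports.

```routeros
# Added illustration of first-match-wins ordering. Interface lists "WAN" and
# "LAN", the host 192.168.88.10 and the ports are assumptions.
/ip firewall filter
# 1. Packets of already-known connections are accepted first; nothing below
#    this line is consulted for them, so the expensive rules only see new ones.
add chain=input action=accept connection-state=established,related,untracked \
    comment="accept established/related/untracked"
# 2. Drop invalid before any broad accept. If this sat below "accept from LAN",
#    invalid packets from LAN would already have been accepted and never reach it.
add chain=input action=drop connection-state=invalid comment="drop invalid"
# 3. Explicit allows for what the router itself should answer.
add chain=input action=accept protocol=icmp comment="accept ICMP"
add chain=input action=accept in-interface-list=LAN \
    comment="accept management from LAN"
# 4. Because the chain's default is accept, the input chain needs a terminating
#    drop; without it, anything not matched above would be allowed.
add chain=input action=drop in-interface-list=!LAN \
    comment="drop everything not from LAN"

# forward: same pattern. There is deliberately no final drop here, so LAN->WAN
# traffic is allowed by the chain default; the last rule is what keeps
# unsolicited WAN traffic out.
add chain=forward action=accept connection-state=established,related,untracked
add chain=forward action=drop connection-state=invalid
# Only connections that a dst-nat rule created may enter from WAN.
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat \
    in-interface-list=WAN comment="drop new from WAN unless dst-natted"

/ip firewall nat
# srcnat: out-interface-list is a selection property. masquerade needs no
# to-addresses, it uses the address of the outgoing interface.
add chain=srcnat action=masquerade out-interface-list=WAN
# dstnat: in-interface-list, protocol and dst-port only decide WHETHER the
# rule fires; to-addresses and to-ports decide WHAT it does to the packet.
add chain=dstnat action=dst-nat in-interface-list=WAN protocol=tcp dst-port=8443 \
    to-addresses=192.168.88.10 to-ports=443
```

After adding rules, `/ip firewall filter print stats` shows per-rule packet and byte counters, which is the quickest way to confirm that traffic is hitting the rule you think it is rather than an earlier, broader one; a rule that never counts while one above it counts is usually a sign of a misordered chain.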