0 votes
84 views 2 comments
by
Hi,

I have a RUT950 running firmware version RUT9XX_R_00.06.06.1. In the WebUI, I had set the default input firewall policy to 'drop', under Firewall>General Settings>Input. But it seems that this does not work: I have a traffic rule that would accept only SSH input to the device, but other traffic, such as HTTP/S, is still being accepted.

Furthermore, the firewall configuration in /etc/config still shows 'option input 'Accept'' under the 'lan' zone.

Please help.

Thanks,

1 Answer

0 votes
by

Hello,

Regarding your traffic rule that would accept only SSH input, you also need to disable all other rules that allow other traffic like HTTP/HTTPS.

Furthermore, it is not enough to set the default input policy to 'drop'. You need to change the zone forwarding options too. If it does not work via the WebUI, you could open the CLI and enter the command to edit the config file: vi /etc/config/firewall and change your settings manually. After that, do not forget to restart the firewall service by using the command: /etc/init.d/firewall restart

Regards.

Best answer
by
Hi,

Is the method of manually configuring the firewall config file upgrade-proof?
by
Yes, only if you upgrade the firmware with the keep settings option.
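
The question reports that the 'lan' zone still carries its own input option after the default input policy was changed. The following is an added example, not part of the original thread or of the vendor's tooling: a shell function that lists the input policy of the defaults section and of each zone so the two can be compared. It assumes the OpenWrt-style UCI layout (config defaults / config zone sections); the sample config and the names sample_config and audit_zone_input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the input policy of the defaults section and of every
# zone in an OpenWrt-style UCI firewall config. Zones set to ACCEPT are marked
# OPEN, because a zone-level ACCEPT admits input arriving from that zone even
# when the defaults section says DROP.

# Constructed sample config (not taken from a real device).
sample_config() {
    cat <<'EOF'
config defaults
    option input 'DROP'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    option input 'REJECT'
    option forward 'REJECT'

config rule
    option name 'Allow-SSH'
    option src 'lan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'
EOF
}

# Usage: audit_zone_input [FILE]   (reads stdin when FILE is omitted)
audit_zone_input() {
    awk -v q="'" '
    function unq(s) { gsub("[\"" q "]", "", s); return s }   # strip quotes
    function flush(   flag) {
        flag = (inp == "ACCEPT") ? " OPEN" : ""
        if (sect == "defaults") print "defaults input=" inp
        if (sect == "zone")     print "zone=" name " input=" inp flag
    }
    $1 == "config" { flush(); sect = unq($2); name = "?"; inp = "(unset)"; next }
    $1 == "option" && $2 == "name"  { name = unq($3) }
    $1 == "option" && $2 == "input" { inp = toupper(unq($3)) }  # Accept == ACCEPT
    END { flush() }
    ' "${1:--}"
}

sample_config | audit_zone_input
```

On the router, `audit_zone_input /etc/config/firewall` reads the file the answer says to edit.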