
I found in the firewall protocol automatically created rules for blocking external IP addresses on port 22. Why has the device SSH open to the LAN??? I took a port scanner and found the ports 22, 80 and 443 exposed to the WAN. Because I did not have any firewall rule to allow these protocols from WAN, there has to be a misconfiguration from the factory. Hey guys, that's a no-go!

Because I found no options in the web GUI (as I know them from standard OpenWrt), I edited /etc/config/uhttpd and /etc/config/dropbear to restrict the listening interfaces:

/etc/config/uhttpd:
option listen_http '<local_lan_ip_here>:80'
option listen_https '<local_lan_ip_here>:443'

/etc/config/dropbear:
just add the line
option interface 'lan'

If you are working over VPN, your router remains accessible if you use the internal LAN address. Also, RMS is not affected by these modifications.
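A way to confirm that a change like the one above took effect, as an added example that is not part of the original post: the function below reads `netstat -tln` style output and lists every listener on ports 22, 80 and 443 that is bound to something other than the LAN address or loopback. The LAN address 192.168.1.1 and both sample listings are constructed for illustration, and a wildcard bind only shows where the service listens, not whether the firewall lets WAN traffic reach it.

```shell
#!/bin/sh
# Added example: flag management listeners (22/80/443) that are not bound
# to the LAN address. On the router itself you would run:
#   netstat -tln | exposed_listeners <local_lan_ip_here>

exposed_listeners() {
    # $1 = LAN IP the services are supposed to be bound to
    awk -v lan="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            # The last ":<digits>" is the port; also works for the ":::22" IPv6 form
            if (!match(addr, /:[0-9]+$/)) next
            host = substr(addr, 1, RSTART - 1)
            port = substr(addr, RSTART + 1) + 0
            if (port != 22 && port != 80 && port != 443) next
            if (host == lan || host == "127.0.0.1" || host == "::1") next
            print port, host
        }'
}

# Constructed sample: services listening on all interfaces
sample_before() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
EOF
}

# Constructed sample: uhttpd and dropbear restricted to the LAN address
sample_after() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:443         0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:22          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
EOF
}

echo "before:"; sample_before | exposed_listeners 192.168.1.1
echo "after:";  sample_after  | exposed_listeners 192.168.1.1
```

An empty result after restarting uhttpd and dropbear means none of the three ports is bound to a wildcard or non-LAN address any more.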

1 Answer


Hello,

Did you get a new and not a used device?

What is the device and firmware your device has installed?

Have you tried to perform factory reset?

Remote device access from WAN should be blocked by default. The rules for remote access from HTTP(S), SSH, Telnet, CLI, can be enabled/disabled in WebUI System -> Administration -> Access control section.

These can also be controlled and modified in Network -> Firewall -> Traffic rules.

Best regards,