I found in firewall protocol utomatic created rules for blocking external IP addresses on port 22. Why has the device ssh open to the lan??? I took a port scanner and found the ports 22, 80 and 443 exposed to the wan. Because I had any firewall rule to allow these protocols from wan, there has to be a misconfiguration from factory. Hey guys, that´s a no go!
Because I found no options in web gui (as I know in standard Openwrt), I edited /etc/config/uhttpd and /etc/config/dropbear to restrict the listening interfaces
/etc/config/uhttpd:
option listen_http '<local_lan_ip_here>:80'
option listen_https '<local_lan_ip_here>:443'
/etc/config/dropbear:
just add the line
option interface 'lan'
If you working over vpn, your router remains accessible, if you using the internal lan address. Also RMS is not affected by this modifications.