0 votes
423 views 1 comments
by anonymous
Look at PNG.

In terms of security, does the firewall zone configuration setting look right?

I set up WireGuard on a new RUT950 and I have the resulting configuration as shown in PNG.

1 Answer

+1 vote
by anonymous

The resulting firewall configuration is indeed necessary.

WireGuard clients must be allowed to access the internet, thus the Masquerading option, basically meaning one-to-many network address translation (NAT).

It also needs to accept traffic generated by the WireGuard (wg0 or similar) interface. This results in Input/Output fields set as Allow.

Lastly, there has to be traffic forwarding from LAN to WireGuard interfaces and vice versa. Due to that, there is Inter-zone forwarding added between these zones.

Best regards,
by anonymous
Where is the PNG? I am wondering about custom Firewall Zone configurations also with respect to WireGuard and whether Masquerading and/or MSS clamping is necessary. I am finding that I need to make a custom zone and put the WireGuard <==> LAN mappings into it, and enable MSS clamping to get larger packets to properly fragment.
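
The zone settings the answer walks through (Input/Output, Masquerading, inter-zone forwarding) and the MSS clamping raised in the comment correspond to options in an OpenWrt-style UCI firewall file. The Python below is an added example, not part of the original thread and not the vendor's code: it parses a constructed sample of such a file and summarises what the zone containing `wg0` permits. The zone and network names, and the assumption that the router stores the zone in this UCI layout, are illustrative.

```python
import shlex

# Constructed sample in OpenWrt UCI syntax (/etc/config/firewall).
# Zone/network names are assumptions, not taken from the poster's router.
SAMPLE = """
config zone
    option name 'wireguard'
    list network 'wg0'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'        # Masquerading (NAT)
    option mtu_fix '1'     # MSS clamping

config forwarding
    option src 'lan'
    option dest 'wireguard'

config forwarding
    option src 'wireguard'
    option dest 'lan'
"""

def parse_uci(text):
    """Return a list of (section_type, {option: value or [values]})."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if tok[:1] == ["config"]:
            sections.append((tok[1], {}))
        elif tok[:1] == ["option"] and sections:
            sections[-1][1][tok[1]] = tok[2]
        elif tok[:1] == ["list"] and sections:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit_zone(text, network="wg0"):
    """Summarise what the firewall zone holding `network` allows."""
    secs = parse_uci(text)
    zone = next(o for t, o in secs if t == "zone" and network in o.get("network", []))
    fwd = [(o["src"], o["dest"]) for t, o in secs if t == "forwarding"]
    return {
        "zone": zone["name"],
        "input": zone.get("input"), "output": zone.get("output"),
        "masq": zone.get("masq") == "1",
        "mss_clamp": zone.get("mtu_fix") == "1",
        "forward_to": sorted(d for s, d in fwd if s == zone["name"]),
        "forward_from": sorted(s for s, d in fwd if d == zone["name"]),
    }
```

Running `audit_zone` against the router's real firewall file shows at a glance whether the tunnel zone accepts input, NATs outbound traffic, clamps MSS, and which zones it can forward to and from.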