Menu
What's new
By:
Filters Better Search

"Enable Firewall"

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Authority

Authority

Senior Member
It's my understanding that the only "firewall" provided by Asus Routers is the inherent protection provided by NAT. So what exactly does the "Enable Firewall" button do?
 
NAT can protect your internal networks from external connections but it won't protect your router's ports, AFAIK.

I dunno exactly what "Enable Firewall" does but I'd leave it enabled.
 
Isn't "Enable Firewall" allowing the application of all the user's iptables rules, such as drop all unsolicited attempts by external IPs to connect plus all the other rules, preloaded and added?

"but I'd leave it enabled." Indeed.
 
Last edited:
Authority said:
So what exactly does the "Enable Firewall" button do?
Click to expand...
Doing a diff on the iptables rules I can see that disabling the firewall a) changes the default FORWARD policy to ACCEPT, and b) removes all the rules (about 11 in my case) on the INPUT chain that drop unsolicited traffic.

So yes, it does do something more than just NAT. ;)
 
Authority said:
It's my understanding that the only "firewall" provided by Asus Routers is the inherent protection provided by NAT. So what exactly does the "Enable Firewall" button do?
Click to expand...

It's much more than NAT. There are a lot of iptables rules in there to determine what traffic can access the router itself. Which interface can communicate together. There's also the default policies for each of iptables chains.

Without a firewall = everything running on your router would be open to the WAN, including Samba.
 
RMerlin said:
It's much more than NAT. There are a lot of iptables rules in there to determine what traffic can access the router itself. Which interface can communicate together. There's also the default policies for each of iptables chains.

Without a firewall = everything running on your router would be open to the WAN, including Samba.
Click to expand...

Got it. So in my case, I'm running double NAT, so it wouldn't really matter, and in fact might even be desirable to turn off. Thanks for the answers everyone.
 
do
Authority said:
Got it. So in my case, I'm running double NAT, so it wouldn't really matter, and in fact might even be desirable to turn off. Thanks for the answers everyone.
Click to expand...
Double nat is only if you have a modem infront of the router, and havent set it to bridge mode. Which disables the modems firewall, leaving only the routers thus preventing a conflict
 
Last edited:
RMerlin said:
Without a firewall = everything running on your router would be open to the WAN, including Samba
Click to expand...

Just remember - NAT is a firewall in and of itself...

If one doens't need to forward ports - all good...
 
sfx2000 said:
Just remember - NAT is a firewall in and of itself...

If one doens't need to forward ports - all good...
Click to expand...

NAT protects the LAN from the Internet, however it does not protect the router itself from the Internet. Don't forget that the router's WAN interface is a public routable IP.
 
You must log in or register to reply here.

Similar threads

colourofsound
Asus-Merlin Firewall
2
Replies
24
Views
2K
colourofsound
colourofsound
B
Firewall lan - vpn?
Replies
0
Views
266
blast
B
D
Solved Windows 11 updates won't download attempted disabling router settings.
Replies
18
Views
1K
DJones
D
S
Cannot ping/skynet will not work while Firewall is Enabled.
Replies
2
Views
422
spinfuzer
S
A
Enable Web Access from WAN can't stay enabled
Replies
2
Views
273
Alipasijaner
A
Similar threads
Thread starter Title Forum Replies Date
A Enable Web Access from WAN can't stay enabled Asuswrt-Merlin 2
H WireGuard Server "Enable NAT - IPv6" Setting Question Asuswrt-Merlin 0
D SSH - Shortcut to Enable / Disbale Wireguard VPN Asuswrt-Merlin 1
R DNS Privacy Protocol wont enable Asuswrt-Merlin 2
N Enable baby jumbo frames on pppoe connection Asuswrt-Merlin 10
A whats the command to enable routing to my secondary wan? Asuswrt-Merlin 3
B Do you enable any of the following? Asuswrt-Merlin 5
P VPN Director enable/disable rules from iPhone shortcut Asuswrt-Merlin 3
F Disable/enable NAT Loopback? Asuswrt-Merlin 4
fffddd URL filtering in the firewall does not take effect Asuswrt-Merlin 7

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 702 (members: 27, guests: 675)
Top