Firewall router…necessary?


Regular Contributor
Good morning everyone,
I have always read that the firewalls of commercial routers have in fact a basic protection and that nat alone is enough to "protect" the home LAN.
I did an experiment, I put an ip of my lan in dmz without activating the firewall and I left the AIPROTECTION active.
What happened?
It happened that the only IP under attack was the IP in dmz!
So all the machines not directly exposed by the dmz remained “safe”.
Considerations on this?
Thank you all.


Senior Member
Routers that don't provide some level of protection are the exception. Unless there are settings in place to the contrary (such as a DMZ) routers will reject unsolicited connections from external IP addresses. There are commercial routers/devices that will do more, adding filtering of IP addresses, protocols, and additional rules (you could include the built-in AiProtection as a basic example).
When it comes to DMZ though, it's not just that it potentially allows unsolicited connections (ie not initiated within your network), but should device firewalls within the DMZ be compromised, those devices can potentially be used as a vector to attack other devices in the network.

*Robust and appropriate protection is good, paranoia often leads to decisions that can actually compromise security!

**Overzealous protection when you have users (such as teenagers) will often lead them to find ways around that protection - better not to use the internet as a babysitter!

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!