Saturday, April 20, 2019

Tighten Up OpenWRT

To my surprise, the default firewall rules used in OpenWRT are not as strict as I would wish for.  The default setup fails the ShieldsUP port scanning test.

Luckily, the steps to rectify this are very simple, and they are (as found in https://www.techrapid.uk/2017/04/hardening-openwrt-security-grc-shieldsup.html):

Step 1: Open router web interface 
  1. Select tabs Network - Firewall
  2. Select General Settings
  3. In wan:wan ⇒ DROP
  4. Change input to drop, forward to drop
  5. Press save & apply
Your router now passes the Solicited TCP Packets and Unsolicited TCP Packets tests.

Step 2: Drop all WAN ping replies
  1. In Firewall tab
  2. Select Traffic Rules
  3. In Allow ping select edit
  4. Select action to drop
  5. Press save & apply
Your router now passes the Ping Echo test.
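
To confirm both steps took effect without clicking through the web interface, the following added example (not from the original post or the linked guide) reads a UCI firewall config and reports any of the three settings that is not yet DROP. The function names and the sample config are constructed for illustration, and it assumes the zone is named wan and the ping rule is stored as Allow-Ping.

```shell
# Added example: read a UCI firewall config on stdin and report any setting from
# Step 1 or Step 2 that is not DROP. Returns non-zero when there are findings.
audit_firewall() {
    awk -v q="'" '
    function val(s) { gsub(q, "", s); gsub(/"/, "", s); return s }  # strip quotes
    function check(what, v) {
        if (toupper(v) != "DROP") {
            print what " is " (v == "" ? "(unset)" : v) ", expected DROP"
            bad++
        }
    }
    function finish() {  # evaluate the section that just ended
        if (sect == "zone" && o["name"] == "wan") {
            seen = 1
            check("wan input", o["input"])
            check("wan forward", o["forward"])
        }
        if (sect == "rule" && o["name"] == "Allow-Ping")
            check("Allow-Ping target", o["target"])
        split("", o)     # clear the option table for the next section
    }
    $1 == "config" { finish(); sect = val($2) }
    $1 == "option" { o[$2] = val($3) }
    END {
        finish()
        if (!seen) { print "no wan zone found"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample (not from a real router), assuming names "wan" and "Allow-Ping".
sample_before() { cat <<'EOF'
config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config rule
    option name 'Allow-Ping'
    option proto 'icmp'
    option target 'ACCEPT'
EOF
}
# The same sample with Step 1 and Step 2 applied.
sample_after() { sample_before | sed -e "s/'REJECT'/'DROP'/" -e "/target/s/'ACCEPT'/'DROP'/"; }

sample_before | audit_firewall || echo "before: changes still needed"
sample_after | audit_firewall && echo "after: matches Step 1 and Step 2"
```

On the router itself the same check is `audit_firewall < /etc/config/firewall`; an unset zone option is reported as a finding because it would fall back to the global defaults rather than an explicit DROP.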
