Questions about firewall config (and a quick one about WPA2)
Posted: Fri Jun 07, 2013 6:27 pm
Hey. I just took the plunge and flashed Gargoyle 1.5.10 to my WR1043ND. Everything looks peachy, except I have some questions. First off, and this is an easy one - I assume the "WPA 2 PSK" uses AES, right? I mean that would be the logical thing, but wanted to check anyway.
Second, I'd like to know if there are any tutorials on what each option in /etc/config/firewall does. I've taken a look at the OpenWrt wiki page on the matter, but that's quite complicated and convoluted. Yes, it probably features all possible options, but doesn't actually explain the defaults, if you know what I mean. I also saw that there are some Gargoyle-specific settings relating to the firewall.
What I'd like is to understand the defaults, and possibly get a guide to see what I could change (granularly).
For example, in the default config the router responds to ICMP requests. Yes, it rejects them, but I'd like it not to respond at all (stealth and all that). The TP-LINK firmware has a handy option "Ignore ping from WAN", I checked it - and it's done. However, I tried editing the relevant ICMP entry in /etc/config/firewall, from 'REJECT' to 'DROP' and there's no change. (Btw, feature request - add an easy-to-use toggle for this).
What I'd basically like is to find out how much more (or less) secure the default Gargoyle firewall configuration is compared to the TP-LINK firmware I'm coming from (where I did enable the firewall, SPI, DDoS protection, and disabled every "passthrough" option in there). And how I can easily change things.
I have googled this a bit, and did not find anything satisfactory on the matter. People seem to be a lot more preoccupied with QoS and stuff like that rather than the firewall. Well, I'm different (the connection is so good I don't really need QoS), so I thought I'd ask here.
Thanks a bunch in advance.
Oh, and to the devs - thanks for amazing work on this project.