On both 2.264 and 2.27, default firewall settings for WAN are set to REJECT. This causes the Shields Up! security check at grc.com to fail.
Solution: in Advanced Settings (OpenWRT) change firewall settings for WAN from REJECT to DROP.
Suggestion: make DROP the default in next firmware update.
can you explain a little bit more?
Having a firewall default setting of REJECT makes the router visible to probing by port scanners.
A setting of DROP keeps the router from answering port scanners, making it “invisible”. This reduces the risk of becoming a target. Routers exposed to the internet normally have their firewall set to drop unsolicited connection requests.
See https://www.grc.com/ in the Shields Up! section for the port scanning test and details.
Shields Up! results after setting the firewall to DROP:
Your system has achieved a perfect “TruStealth” rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to “counter-probe the prober”, thus revealing themselves. But your system wisely remained silent in every way. Very nice.
Thanks very much! Let me have a check.
and to this date these routers still ship with these ports open