General security checklist (advice needed)

Hi!

I am running my home router.

Can you please advise any settings or plugins or firewall rules to make it more secure without having a headache?

Here is a general checklist:

“more secure” always depends on what “more” means and what you are doing with the device itself.
It’s pretty secure out of the box.

To be honest, the router itself is already very secure by default. Is there room for more security? Yes, could be. Is it mandatory? No.

A classic NAT firewall is designed to talk only one way, from source/local to outside and never from outside to source, except when they talk back on the same line as a reaction to your local devices' communication.

  • now it can be discussed when you want to close icmp port from the outside so that people cannot ping your router externally.

  • you can also choose to disable ssh, if you are afraid an infected device might break in locally.

  • maybe add layers of isolation within your topology with vlan?

  • maybe look into things like nextdns or adguardhome to protect more against malicious sites?

More often than not it is the end devices which need protection, and strong passwords need to be set.

What is firewall if not the one in OpenWRT? I have only Android devices, no desktops, no iPhones.

How to do so?

Is there any toggle? I didn’t see it :frowning:

You mean Guest network? Done :slight_smile:

Done :slight_smile:

I believe it’s under System → Security, then scroll down to where it says Allow ping and make sure it is unchecked. You can do this as well for ssh.

For ssh you can also take another step to ensure it's also disabled for local use:

Go to System → Advanced Settings → login again → click on System tab → Administration → SSH Access and click on delete.

If the Security option is not there in the menu then let me know; this depends on the firmware :wink: It can also be done via the advanced settings.

If you are just using it for your home network (like only android devices) you are fine.
But since you asked for a general checklist - yep, a modern firewall with application detection is part of good security :wink:

Just checked I don’t see something like that :frowning:

Can I see screenshot?

Latest one. It shows me that it is up to date.

BTW checked on Mudi and Opal. No such settings…

Do you know something for Android?

Ah, then these routers are older :+1:

In that case you have to enter advanced settings → login → click on network tab → firewall → traffic rules, then the first rules are the ones you may want to disable.

Here is a screenshot, note that I use OpenWrt with a custom theme (not the gl firmware):

IGMP you may want to disable, but only if you wish to not forward IGMP from upstream; this can break IPTV. For Allow ping, I actually show it disabled on the screenshot, which you may want to do, but in my case I have enabled it for the sake of using tracert (debugging purposes), but that automatically also means you are reachable from the outside for pinging.
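
The traffic-rule check described in the last reply can also be done from the router's shell. This is an added example, not part of the thread or of the firmware: it reads `uci show firewall` text and lists the enabled rules that accept traffic from the wan zone to the router itself. The function names and the sample config are constructed for illustration, and rule indices differ between devices.

```shell
# Audit `uci show firewall` text on stdin: list enabled rules that ACCEPT
# traffic from the wan zone to the router itself (src=wan, no dest zone).
wan_input_accepts() {
    awk '
    /^firewall\.@rule\[[0-9]+\]\./ {
        line = $0; sub(/^firewall\.@rule\[/, "", line)   # "1].name=..."
        idx = line; sub(/\].*/, "", idx)                 # rule index
        sub(/^[0-9]+\]\./, "", line)                     # "name=..."
        eq = index(line, "=")
        val = substr(line, eq + 1); gsub("\047", "", val)   # drop quotes
        opt[idx, substr(line, 1, eq - 1)] = val
        if (!(idx in seen)) { seen[idx] = 1; order[++n] = idx }
    }
    END {
        for (i = 1; i <= n; i++) {
            r = order[i]
            if ((r, "dest") in opt) continue        # forwarded, not router input
            if (opt[r, "src"] != "wan" || opt[r, "target"] != "ACCEPT") continue
            if (opt[r, "enabled"] == "0") continue  # already disabled
            print r, opt[r, "name"]
        }
    }'
}

# Print (do not run) the commands that disable the rule at index $1.
disable_cmds() {
    printf "uci set firewall.@rule[%s].enabled='0'\nuci commit firewall\n/etc/init.d/firewall reload\n" "$1"
}

# Constructed sample, trimmed to the shape of `uci show firewall` output.
sample_config() {
    cat <<'EOF'
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[2].enabled='0'
firewall.@rule[3].name='Allow-ICMPv6-Forward'
firewall.@rule[3].src='wan'
firewall.@rule[3].dest='*'
firewall.@rule[3].target='ACCEPT'
EOF
}
sample_config | wan_input_accepts
```

On a router the input would be `uci show firewall | wan_input_accepts`. A rule such as Allow-DHCP-Renew also shows up in the listing and should stay enabled when the WAN address comes from DHCP.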