tl;dr the GL-AR750 “Creta” firewall is visible on the Internet, for unsolicited packets from the Internet to the WAN, those packets should be DROPped instead of REJECT
My GL-AR750 is being used as an Internet gateway (Network Mode Router)
Using GRC ShieldsUp! GRC | ShieldsUP! — Internet Vulnerability Profiling , I can test that my device is visible on the Internet. Among the first 1024 ports (option All Service Ports), nearly all ports are CLOSED (they should be all be STEALTH). And the device responds to pings. This means my device is replying to anonymous devices on the Internet. This invites many problems.
In the underlying firewall rules, unsolicited packets from the WAN should by default go to target DROP. Currently, they are going to target REJECT. ICMP pings should be DROP
Using firmware OpenWrt 19.07.8 r11364-ef56c85848 / LuCI openwrt-19.07 branch git-21.18e9.23240-7b931da