DDWRT Firewall Settings Default

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester
PostPosted: Tue Apr 13, 2021 20:41    Post subject: DDWRT Firewall Settings Default Reply with quote
My firewall has been off and I was told to put in on which I have done, however I do not know what to check and uncheck once the firewall is on and you have several options and I use a VPN. I have listed all the options here and all I want to know is which one to check and which one to leave unchecked.

Additional Filters

1.Filter Proxy
2.Filter Cookies
3.Filter Java Applets
4.Filter ActiveX
5.Filter TOS/DSCP
6.ARP Spoofing Protection

Block WAN Requests

1.Block Anonymous WAN Requests (ping)
2.Filter Multicast
3.Filter WAN NAT Redirection
4.Filter IDENT (Port 113)
5.Block WAN SNMP access

Impede WAN DoS/Bruteforce

1.Limit SSH Access
2.Limit Telnet Access
3.Limit PPTP Server Access
4.Limit FTP Server Access

Connection Warning Notifier

Warning Notifier
Enable Disable

Log Management

Log

1.Enable Disable
2.Log Level

Options
Dropped
Rejected
Accepted
_________________
Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500

Smart DNS - YES

server-https https://9.9.9.9/dns-query
server-tls 9.9.9.9:853 -host-name: dns.quad9.net
server-tls 5.2.75.75:853 -host-name: dot.nl.ahadns.net
server-https https://1.1.1.1/dns-query

Additional VPN Configuration-
pull-filter ignore "dhcp-option DNS6 "
pull-filter ignore "dhcp-option DNS "

Dnsmasq Additional Options

server=/pool.ntp.org/9.9.9.9
server=/pool.ntp.org/1.0.0.1
server=/adquard-dns.com/9.9.9.9


BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Back to top View user's profile Send private message
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12885
Location: Netherlands
PostPosted: Tue Apr 13, 2021 21:06    Post subject: Reply with quote
Good chance you are already infected so reset to defaults.

After reset, login, set username and strong password and check if a wireless password is set.

Default settings are fine to start with. So leave the Firewall settings alone after reset.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester
PostPosted: Tue Apr 13, 2021 21:11    Post subject: Reply with quote
I do not think I am infected and would just appreciate what to tick and not tick. I just erased NvRam and flashed again and with default firewall is off. Thanks.
_________________
Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500

Smart DNS - YES

server-https https://9.9.9.9/dns-query
server-tls 9.9.9.9:853 -host-name: dns.quad9.net
server-tls 5.2.75.75:853 -host-name: dot.nl.ahadns.net
server-https https://1.1.1.1/dns-query

Additional VPN Configuration-
pull-filter ignore "dhcp-option DNS6 "
pull-filter ignore "dhcp-option DNS "

Dnsmasq Additional Options

server=/pool.ntp.org/9.9.9.9
server=/pool.ntp.org/1.0.0.1
server=/adquard-dns.com/9.9.9.9


BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14221
Location: Texas, USA
PostPosted: Tue Apr 13, 2021 21:17    Post subject: Reply with quote
How the firewall is not enabled when restored to defaults, I do not know, but I have to ask if XWRT-Vortex was ever installed on this router.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester
PostPosted: Tue Apr 13, 2021 21:29    Post subject: Reply with quote
Apologies, it was on but when setting the vPN, support asked me to turn it off but while discussing a different issue here, I was to,d it should be on. We are talking about an hour running time.
_________________
Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500

Smart DNS - YES

server-https https://9.9.9.9/dns-query
server-tls 9.9.9.9:853 -host-name: dns.quad9.net
server-tls 5.2.75.75:853 -host-name: dot.nl.ahadns.net
server-https https://1.1.1.1/dns-query

Additional VPN Configuration-
pull-filter ignore "dhcp-option DNS6 "
pull-filter ignore "dhcp-option DNS "

Dnsmasq Additional Options

server=/pool.ntp.org/9.9.9.9
server=/pool.ntp.org/1.0.0.1
server=/adquard-dns.com/9.9.9.9


BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Back to top View user's profile Send private message
manchesterblack
DD-WRT User


Joined: 04 Mar 2021
Posts: 65
Location: Manchester
PostPosted: Tue Apr 13, 2021 21:32    Post subject: Reply with quote
XWRT-Vortex was ever installed on this router.
- No.
Just flashed it a few hours ago. It was on but while setting VPN, i was asked to turn it off and that was 25 minutes ago.I honeslty just wanted to know what to tick, I do not want to flash again. Thanks.
_________________
Netgear R7000
DD-WRT DD-WRT v3.0-r50595 std (10/23/22)
Manchester
Enable dnsmasq- Yes
Encrypt DNS- NO
DNSCrypt Resolver- No Using Smart DNS
Cache DNSSEC Data- Yes
Validate DNS Replies (DNSSEC)- NO
Check Unsigned DNS Replies- NO
No DNS Rebind- Enable
Query DNS in Strict Order- Enable
Add Requestor MAC to DNS Query- Disable
RFC4039 Rapid Commit Support- Enable
Maximum Cached Entries- 1500

Smart DNS - YES

server-https https://9.9.9.9/dns-query
server-tls 9.9.9.9:853 -host-name: dns.quad9.net
server-tls 5.2.75.75:853 -host-name: dot.nl.ahadns.net
server-https https://1.1.1.1/dns-query

Additional VPN Configuration-
pull-filter ignore "dhcp-option DNS6 "
pull-filter ignore "dhcp-option DNS "

Dnsmasq Additional Options

server=/pool.ntp.org/9.9.9.9
server=/pool.ntp.org/1.0.0.1
server=/adquard-dns.com/9.9.9.9


BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Back to top View user's profile Send private message
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14221
Location: Texas, USA
PostPosted: Wed Apr 14, 2021 5:19    Post subject: Reply with quote
Maybe you should've posted your find on the internet in this thread instead of hijacking another one with irrelevant information.

https://dfarq.homeip.net/recommended-dd-wrt-settings/
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Back to top View user's profile Send private message Visit poster's website
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum