Can't delete firewall rule on RT6600ax

Hey,

I've been using the Synology RT6600ax for the last few months and it works great for me :)

I just noticed that one firewall rule, "allow from lan", can't be deleted and can't be moved:
1686413732663.png

Every time I try to delete or edit this rule I see a "Loading button"
1686413484351.png
but nothing happens...

I tried to reset the router to defaults, then I used my last backup to restore (because I don't want to set up again from the beginning), and this rule still can't be deleted/edited.

I hope someone can help me fix it.

Thank you!
 
Can you edit it to resolve the warning.... and then delete it?
 
Things I would try (I’m not at my router and can’t remember if some things are supported or not, I’m having breakfast. Then I’m going for a walk before it gets too hot)…

1. Can the firewall be switched off? Switch it off and on: is the rule still there/now editable?

2. Edit the firewall rules:
Do a backup of the router, twice. Then change the extension of one of the backup files to .zip. You can now open it and find the file that has the firewall configuration with rules. See if you can find the rule with the problem. The second backup is to have an unmodified archive in case you modified the first.

Make a new rule on the router that is configured how you would want this rule to be, with the interfaces set.
If the firewall can be switched off: switch it off. Next SSH onto the router and go to that same file and you should be able to edit it so the rule now has the interfaces defined, as per the new rule you made. Switch on the firewall or reboot the router.
Is the rule now editable?
Any issues and you can restore the router from the backup archive.

Looking at your firewall rules I’m surprised your auto-generated rules for port forwarders are getting any hits since you have an ANY/ANY/ANY/ANY/ANY/ANY/DENY rule above them. I gave up on the auto-generated rules and made my own that are in the right place in the firewall policy, and they can have restrictions on who can access them. Once I’d created my rules I went to Port Forwarding and disabled the option to add matching rules in the firewall policy.
 
Looking at your firewall rules I’m surprised your auto-generated rules for port forwarders are getting any hits
Most of these rules make little sense. If the OP does not understand specifically why the rule exists it should be disabled until a specific need is identified and understood. Synology has a bad habit of automatically opening far too many ports, and as a result reduces network security.

As fredbert stated, do not permit the router to self-manage port openings.
 
Specifically in the Port Forwarding there’s the default enabled setting to add a matching firewall rule. Without the firewall rule the forwarder won’t work, but the default rules (the grey ones without checkboxes at the end of the firewall policy) are always Any Source/Allow.

Once you have these automatically generated rules you can create matching ones but set the source to be more limited (if you like), and also you can put them in the firewall policy at the right place. When you’re happy then you can disable the Port Forwarding’s auto-firewall rule feature, and this will remove those rules from the end of the firewall ruleset.

After doing this a couple of times you’ll probably understand what it’s doing and you can add other port forward rules and know how to add the corresponding firewall rule.

Why is this useful? I have a case where I run Mail Server but only to maintain an archive of messages sent from my email service provider. So I have a port forward rule for SMTP to Mail Server but the source is restricted to only allow from my email service provider’s IP range. I can either have a next rule to deny all other sources to SMTP, or the end rule of the ruleset will catch it with an Any Source/Any Destination/Deny rule.

Plus the four rules at bottom of the Firewall window are all set to Deny. @ThinkYEAH it looks like you might have them set to Allow, at least the first rule is shown as Allow in your screenshot.
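
The rule-ordering points made in the replies above (a deny-all rule placed above auto-generated port-forward rules, and an SMTP allow rule restricted to a provider's range) can be checked offline with a small first-match model. This is an added example, not part of the thread and not Synology code; it assumes top-to-bottom first-match evaluation, and the rule names, the HTTPS forwarder and the 203.0.113.0/24 provider range are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # source network (CIDR); default is any source
    proto: str = "any"             # "tcp", "udp" or "any"
    dport: Optional[int] = None    # None means any destination port

    def matches(self, src_ip, proto, dport):
        return (ip_address(src_ip) in ip_network(self.src)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

    def covers(self, other):
        """True if every packet `other` can match is also matched by self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and (self.proto == "any" or self.proto == other.proto)
                and (self.dport is None or self.dport == other.dport))

def verdict(policy, src_ip, proto, dport, default="deny"):
    """Evaluate top to bottom; the first matching rule decides."""
    for rule in policy:
        if rule.matches(src_ip, proto, dport):
            return rule.action, rule.name
    return default, "(default)"

def shadowed(policy):
    """Return (rule, earlier rule) pairs where the rule can never get a hit."""
    out = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if earlier.covers(later):
                out.append((later.name, earlier.name))
                break
    return out

# Constructed policy: deny-all sits above the auto-generated forwarder rules.
DENY_FIRST = [
    Rule("deny-all", "deny"),
    Rule("auto-portfwd-smtp", "allow", proto="tcp", dport=25),
    Rule("auto-portfwd-https", "allow", proto="tcp", dport=443),
]
# Constructed policy: hand-made SMTP rule limited to the provider range, then deny-all.
SOURCE_LIMITED = [
    Rule("smtp-from-provider", "allow", src="203.0.113.0/24", proto="tcp", dport=25),
    Rule("deny-all", "deny"),
]
```

Running `shadowed()` over an exported rule list is a quick way to spot allow rules that sit below a broader deny and therefore never take effect.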
 
I have set up from zero, thanks for trying to help.

Thread can be closed now.
 
