firewall rules no longer blocking properly

Operating system: Windows
Ok, I thought I finally had things set up securely, but now the firewall isn’t blocking properly. Using SRM 1.2.5. (This post ties to @rkruz3’s “do firewall prevent IPs from reaching TP” and “firewall blocks still reach TP” re: IP range block, including @fredbert’s reference to The Other Place post specific to country blocks.) I’ve had my “region” firewall deny rules set up for over a year and just occasionally update within-country “specific IP range” deny rules when blacklisted IPs trigger in Threat Prevention. Except for the occasional 1 or 2 out-of-country triggers in TP, the firewall seemed to be working until recently. (I use IPVOID.) Anybody with ideas for when rebooting the router doesn’t clear glitches? Are my firewall rules creating a security issue in the background?

Brief timeline:
8/4/22 rebooted router; verified the firewall working within seconds when hits showed in rules. The firewall has occasionally not “started” after a router reboot, as evidenced by no hits for rules and hundreds of triggers in TP.

8/11 TP trigger from NL
8/29 TP trigger from RO

9/6 TP package updated

9/7 TP trigger from BE
9/10 TP trigger from GB
9/15 TP trigger from NL

9/28 rebooted router; 12 different blacklisted IP triggers in TP within 2.5 min, the firewall didn’t work after the reboot; tweaked a rule and saved firewall settings, and firewall hits started immediately.

9/29 TP trigger from NL and UA

10/3 TP trigger from NL, RU, UA, and TH plus (for the first time in the last year!) a TP trigger of a within-country blacklisted IP; the firewall rule for that specific range was set up over a year ago. That’s 3 separate firewall rules that failed: rules 1, 2 and 7.

NOTE: All countries above should’ve been blocked in firewall rules and all destination IPs are the router.

My situation:
Not sure if this is “normal” for others, but since I first put in the router 2ish yrs ago I get 2-5000 hits on the firewall a day, mostly in the top 10 rules, 5 of which are “region” deny. Every time I update firewall rules I have to unplug the incoming Ethernet, otherwise I get hundreds of triggers in TP until the firewall finishes saving, and even then, sometimes the firewall doesn’t work until I make a change and resave. (Rebooting the router doesn’t always get the firewall working, and yes, I have to unplug Ethernet for this too.) Good news after the recent TP package update is that I’m not getting a barrage of STUN binding requests, Woohoo! :) Bad news is, the firewall seems glitchy. I can confirm that the firewall reacts before TP and has since I bought the router and started testing. Am I the only one with this level of traffic?

My settings:
Don’t allow UPnP, don’t have any port forwarding, and most services are disabled. Haven’t set up VPN until I’m sure the router is secure. After lots of trial and error and consulting other postings on this forum, I settled on firewall rules that seem to work, though I’ve thought all along that they really shouldn’t, since they are all “deny”, and it’s made me nervous that I’ve created some odd code glitch/loop. I know rules are applied top to bottom and “The guiding principle is to allow only the needed traffic and deny the rest.” However, if I “Allow” my country as recommended on the Synology site and thereby block the rest, I get hit with hundreds of triggers in TP, even if I put this rule below all the known blacklisted IPs within my country. It seems to broadcast that the router is wide open or something. So, the only thing that works is:

Firewall Rules
– they are all TCP/UDP, and source port, destination IP and port are all “Deny”

1. Multiple “region” rules. Ex. Source IP: Region = 15 countries per rule (BE, BG, CN…)
2. Blacklisted IP ranges within my country. Ex. Source IP: Specific IP, IP range = xxx.248.133.0 – xxx.248.133.255 (nearly 30 of the 60+ rules get triggered daily)
3. All four default rules at the bottom are “Deny”

Is there a better way to deal with barrage of hits to router?
 
I have all Rest of World blocked, only U.S. allowed. That seems to work 99.9% to the good per what TP/statistic/Maps reports, or I'm only seeing US hits.

Using the Firewall, I also have many entire subnets blocked that have a lot of threat activity, e.g. I blocked 104.0.0.0 255.0.0.0 and 2.0.0.0 255.0.0.0, and I still get occasional TP hits within those blocked subnets. I also have all threat policies set to "drop"! With this setup, I see on average 30 medium-level threats denied by TP per day, a few of which exist even through the firewall block.

Doing an experiment, I turned off the firewall completely for only a few minutes and saw the TP hits increase from 30 to 140. So from these results, I think the firewall does seem to block a lot of the threats, and this suggests the firewall is in front of TP. But not 100% are blocked; some still get through, and the FW blocks do seem to significantly quiet the TP drop events.
 
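Both posts rest on the same rule semantics: rules are checked top to bottom and the first match wins. The following is an added example, not code from either poster or from SRM, that models that evaluation over the two rule layouts described above (the original post's deny-only list and the reply's "allow only U.S., deny the rest" list with an extra subnet block). The region lookup is a constructed, hypothetical table using IANA documentation ranges; the in-country blacklist range and all test addresses are constructed stand-ins.

```python
import ipaddress

# Constructed stand-in for SRM's region database, using IANA documentation
# ranges only (hypothetical; nothing here is a real assignment).
REGION_DB = {"203.0.113.0/24": "NL", "198.51.100.0/24": "RO", "192.0.2.0/24": "US"}

def region_of(ip):  # country code, or None if the constructed DB has no entry
    for net, cc in REGION_DB.items():
        if ip in ipaddress.ip_network(net):
            return cc
    return None

def matches(rule, ip):
    kind, value = rule["match"]
    if kind == "region":                 # "Source IP: Region" rule
        return region_of(ip) in value
    if kind == "range":                  # "Specific IP, IP range" start-end rule
        lo, hi = (ipaddress.ip_address(v) for v in value)
        return lo <= ip <= hi
    if kind == "subnet":                 # network + mask block, as in the reply
        return ip in ipaddress.ip_network(value)
    if kind == "any":                    # the bottom "deny the rest" rule
        return True
    raise ValueError(f"unknown match kind {kind!r}")

def evaluate(rules, src_ip):
    """Top to bottom, first matching rule wins; returns (action, rule name)."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if matches(rule, ip):
            return rule["action"], rule["name"]
    return "deny", "implicit-deny"       # nothing matched at all

# Set A, modelled on the original post: region denies, an in-country blacklisted
# range, then deny everything. Every source is denied; order only decides which rule's counter takes the hit.
DENY_ONLY = [
    {"name": "1 region deny", "action": "deny", "match": ("region", {"NL", "RO", "BE", "GB"})},
    {"name": "2 in-country blacklist", "action": "deny", "match": ("range", ("192.0.2.128", "192.0.2.255"))},
    {"name": "default deny", "action": "deny", "match": ("any", None)},
]

# Set B, modelled on the reply: block a noisy subnet, allow only the home country,
# deny the rest. The blacklist range must sit above the allow rule, or it can never fire.
ALLOW_HOME_ONLY = [
    {"name": "subnet deny", "action": "deny", "match": ("subnet", "104.0.0.0/255.0.0.0")},
    DENY_ONLY[1],
    {"name": "allow US", "action": "allow", "match": ("region", {"US"})},
    {"name": "default deny", "action": "deny", "match": ("any", None)},
]
MISORDERED = [ALLOW_HOME_ONLY[2], DENY_ONLY[1], ALLOW_HOME_ONLY[3]]  # allow placed above blacklist
```

Set A makes visible why an all-deny list "works": nothing is ever allowed, so a missing firewall hit means the rule engine was not consulted at all, not that a rule mis-matched. Set B shows that once an allow rule exists, an in-country blacklist placed below it is dead.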
