Hello,
I have a question about my firewall setup. So far, I've not done anything specific to it. When the router was first plugged in, it asked me to set up a bunch of automatic rules, and I let it do that so I could get through the setup process.
Presently, it looks like this:
Some of this, even with my presently basic undestanding, seems a bit generous. I'm also not sure what's happening with that first System Rule (SFTP, Bonjour).
The only thing I can recall doing that struck me as strange was when I turned on automatic updates for the SRM Security Certificate from Let's Encrypt, it required me to open WAN access to the router's admin. I don't really like that, but I want automatic updates to the cert...
Presently:
I have a question about my firewall setup. So far, I've not done anything specific to it. When the router was first plugged in, it asked me to set up a bunch of automatic rules, and I let it do that so I could get through the setup process.
Presently, it looks like this:
Some of this, even with my presently basic undestanding, seems a bit generous. I'm also not sure what's happening with that first System Rule (SFTP, Bonjour).
The only thing I can recall doing that struck me as strange was when I turned on automatic updates for the SRM Security Certificate from Let's Encrypt, it required me to open WAN access to the router's admin. I don't really like that, but I want automatic updates to the cert...
Presently:
- The default admin user is disabled.
- SSH is disabled.
- SFTP (should) be disabled.
- There is an SD card in the system for Package Manager, but I have not enabled any of the file sharing options for the LAN yet.
- 2FA is required for all logins to SRM.
- Synology's DDNS service is enabled. (I'm not yet using any SRM or internal network device services when I leave my office, but in future I might. I went ahead and set this up so I could see how it worked. I'm setting up a Raspberry Pi now that might end up having some services running I want to access remotely, and I have a dynamic IP from my ISP, so...)
- I use VoIP service.
- All firewall settings are auto-generated.
- I've seen some great threads on here from people who obviously know what they're doing sharing their firewall setups. (Thanks, @fredbert !) Is there some sort of official documentation somewhere I should look at, too? Google has been less than helpful.
- Is there anything in the present list of rules I need to delete/disable?
- Is there anything I should add?