For extra security, I tried setting up the firewall on my DSM as suggested in other forums, for 'All interfaces' as follows:
1. Allow LAN IP range (192.168.1.1 > 192.168.1.255)
2. Allow country (UK)
3. Deny ALL
However doing this broke the DHCP server feature, and devices on my LAN (LAN1) were not being assigned to their correct IP addresses (my DiskStation acts as the DHCP server on my LAN) and thus PCs failed to pick up the network after reboots as they were creating their own random IP addresses. I have turned those firewall options off again, and DHCP is now working again.
Andre
Andre,
use the fixed IP for each your known LAN connected devices (laptop, phones, printer,etc,...). You can get:
- cleaned IP range for your devices
- then you can better manage connections within the LAN
- then you can better analyze of unexpected activity in your LAN (logs from your router, NAS, etc)
- then you can reduce IP range of allowed IPs to your NAS (controlled by fixed IP range).
It will takes 2minutes/device, but you can get additional level of control.
Re: how to save your health by router setup (for newbies):
- if you have leased router from your ISP (Internet Service Provider) - check the vendor/model & Google - if there is known public admin account (tons of them are available). Try it if yes, contact your ISP to reset this account or change usr/psw (or just psw). Same action for your own router (but directly change the admin usr/psw). Same action for the public known user/guest accounts.
- for strong psw use >20 characters (mixed by Aa,1,#). Good attitude is to write it somewhere (bitwarden, ...)
- up to your router HW/SW, try to switch on the router level firewall (even small level of security is better as zero)
- if your router is too weak (no reset of admin account is possible) or you have irresponsible ISP (frequent situation). Purchase new one - your own. The router price is still under ransomware cost. Still you can use the old one for "bridge" connection (but not for management of your LAN).