Info: Port forwarding rules do not have to generate firewall rules


fredbert

Moderator
NAS Support
Subscriber
1,599
669
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I just noticed the Setting button on the General tab of Network Center's Port Forwarding page.

Throwing caution to the wind, I clicked it and found three options. Two are for UPnP and I have UPnP disabled, but the third, when enabled, will auto-generate firewall rules for the port-forwarders.

I would say that most times this is useful, provided you normally want to accept any source IP communicating with the local destination. It's easy to add a restrictive rule and then an any/any/deny below it, which will stop the auto-rule from being hit. Of my port-forwarders, I do this for one out of nine rules. But if you normally apply restrictions to port-forwarded services then disabling this Settings option is probably a good thing to keep the firewall policy clean.

I have lots of restriction rules at the top of my firewall policy that do the pre-filtering for all services.
 

fredbert

Just to add that this setting is enabled by default. So my point is that sometimes it may be better to disable it if you have lots of rules where any/LAN device/accept is not what you want to allow, such as 'some sources'/LAN device/accept.
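
The rule ordering described in the two posts above can be audited mechanically. This is an added example, not part of the original thread and not Synology's code: it assumes the firewall evaluates rules top to bottom with first match winning and that auto-generated rules sit below manual ones; the rule model, rule names and addresses are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src: str            # CIDR/IP, or "any"
    dst: str            # LAN device IP, or "any"
    port: object        # int, or "any"
    action: str         # "accept" or "deny"
    auto: bool = False  # True = auto-generated from a port-forward

def _net(s):
    return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)

def covers(outer, inner):
    """True if everything matching `inner` also matches `outer`."""
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst))
            and outer.port in ("any", inner.port))

def first_match(policy, src, dst, port):
    """Name and action of the first rule that matches the packet."""
    pkt = Rule("pkt", src, dst, port, "")
    for rule in policy:
        if covers(rule, pkt):
            return rule.name, rule.action
    return None, None

def audit(policy):
    """Split auto rules into shadowed (never hit) and exposed (any source)."""
    shadowed, exposed = [], []
    for i, rule in enumerate(policy):
        if not rule.auto:
            continue
        if any(covers(earlier, rule) for earlier in policy[:i]):
            shadowed.append(rule.name)
        elif rule.src == "any" and rule.action == "accept":
            exposed.append(rule.name)
    return shadowed, exposed

# Constructed sample policy: manual restriction + deny above the auto rules.
POLICY = [
    Rule("allow-office-https", "203.0.113.0/24", "192.168.1.10", 443, "accept"),
    Rule("deny-rest-https", "any", "any", 443, "deny"),
    Rule("auto-pf-https", "any", "192.168.1.10", 443, "accept", auto=True),
    Rule("auto-pf-media", "any", "192.168.1.20", 32400, "accept", auto=True),
]
```

Running `audit(POLICY)` lists `auto-pf-https` as shadowed clutter and `auto-pf-media` as a forwarder still open to any source, which is the case where disabling the auto-generate option and writing the rule by hand matters.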
 
