TL;DR
This guide shows you how to set up firewall zones on your GL.iNet router for better security. We’ll cover creating separate zones for trusted and untrusted networks, setting rules to control traffic between them, and blocking unwanted access.
Understanding Firewall Zones
Firewall zones group network interfaces (like Wi-Fi or Ethernet ports) together with a set of rules that define how traffic is handled. GL.iNet routers use this to separate your home network from the internet, guest networks, and other devices.
Step 1: Accessing the Firewall Settings
- Log in to your GL.iNet router’s web interface. Usually, this is at http://192.168.8.1 (check your router documentation if different).
- Navigate to Network > Firewall. You’ll see a list of existing zones and options to create new ones.
Step 2: Creating Zones
GL.iNet routers typically have default zones like ‘lan’, ‘wan’, and potentially ‘guest’. You might want to add more.
- Click the Add button to create a new zone.
- Give your zone a descriptive name (e.g., ‘IoT’, ‘Trusted’).
- Select the interfaces that belong to this zone. For example:
  - ‘lan’: Your main home network.
  - ‘wan’: The internet connection.
  - A specific Wi-Fi interface: For a guest network or IoT devices.
- Click Save.
Step 3: Setting Zone Rules
This is where you control traffic flow between zones.
- In the Firewall settings, find the ‘Zone Forwarding’ or similar section.
- For each zone pair (e.g., LAN to WAN), define rules:
  - Source Zone: The network initiating the connection.
  - Destination Zone: The network receiving the connection.
  - Action: What happens to the traffic.
    - Accept: Allow the connection.
    - Drop: Block the connection (silent discard).
    - Reject: Block the connection and send an error message back.
  - Protocol: TCP, UDP, ICMP or All.
  - Port Range: Specify ports if you want to allow/block specific services (e.g., 80 for HTTP, 443 for HTTPS). Use ‘Any’ to apply the rule to all ports.
Step 4: Recommended Zone Rules
Here are some common rules for better security:
- LAN to WAN: Generally, allow outbound connections (Accept) but block inbound connections (Drop or Reject). This lets your devices access the internet but prevents unsolicited connections from outside.
  Source Zone: LAN, Destination Zone: WAN, Action: Accept, Protocol: All, Port Range: Any
- WAN to LAN: Block all inbound connections (Drop or Reject). This is crucial for preventing attacks from the internet.
  Source Zone: WAN, Destination Zone: LAN, Action: Drop, Protocol: All, Port Range: Any
- LAN to Guest: Block all connections (Drop or Reject) unless you specifically need access between them. This isolates your guest network.
  Source Zone: LAN, Destination Zone: Guest, Action: Drop, Protocol: All, Port Range: Any
- Guest to LAN: Block all connections (Drop or Reject) unless you specifically need access between them. This isolates your guest network.
  Source Zone: Guest, Destination Zone: LAN, Action: Drop, Protocol: All, Port Range: Any
- IoT to LAN: Block all connections (Drop or Reject) unless you specifically need access between them. This isolates your IoT network.
  Source Zone: IoT, Destination Zone: LAN, Action: Drop, Protocol: All, Port Range: Any
- IoT to WAN: Allow outbound connections (Accept) but block inbound connections (Drop or Reject). This lets your devices access the internet but prevents unsolicited connections from outside.
  Source Zone: IoT, Destination Zone: WAN, Action: Accept, Protocol: All, Port Range: Any
Step 5: Applying and Testing
- Click Apply or Save to activate your firewall rules.
- Test connectivity from different zones to ensure the rules are working as expected. Try pinging devices across zone boundaries.
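Besides pinging across zones, the saved configuration can be checked against the Step 4 policy. The script below is an added example, not part of the original guide or the vendor's tooling. It assumes the router's firmware is OpenWrt-based and keeps its firewall in UCI format (/etc/config/firewall), and that the zones are named lan, wan, guest and iot; the sample config is constructed.

```python
import re

# Constructed sample in OpenWrt's /etc/config/firewall (UCI) layout, not from a real router.
SAMPLE = """
config forwarding
	option src 'lan'
	option dest 'wan'
config forwarding
	option src 'iot'
	option dest 'wan'
config forwarding
	option src 'guest'
	option dest 'lan'
config rule
	option src 'iot'
	option dest 'lan'
	option dest_port '80'
	option target 'ACCEPT'
"""

# Zone pairs that Step 4 allows to be forwarded; every other pair should stay blocked.
ALLOWED = {("lan", "wan"), ("iot", "wan")}

def parse_sections(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            sections.append((line.split()[1], {}))
        elif sections and (m := re.match(r"(?:option|list)\s+(\S+)\s+(.+)", line)):
            sections[-1][1][m.group(1)] = m.group(2).strip("'\"")
    return sections

def audit(text, allowed=ALLOWED):
    """Return (kind, src, dest) for each forwarding or ACCEPT rule outside the policy."""
    findings = []
    for kind, opts in parse_sections(text):
        pair = (opts.get("src"), opts.get("dest"))
        # A rule only opens a zone pair when both zones are set and the target is ACCEPT.
        opens = kind == "forwarding" or (
            kind == "rule" and None not in pair and opts.get("target") == "ACCEPT")
        if opens and pair not in allowed:
            findings.append((kind, *pair))
    return findings

if __name__ == "__main__":
    for kind, src, dest in audit(SAMPLE):
        print(f"review {kind}: {src} -> {dest}")
```

Each finding is either a mistake or one of the deliberate exceptions Step 4 mentions ("unless you specifically need access between them"), so review the list rather than treating every entry as an error.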
Important Considerations for Cyber Security
- Regularly review and update your firewall rules.
- Keep your router’s firmware up-to-date with the latest security patches.
- Use strong passwords for your router’s web interface.

