Incoming protection beyond router???

Discussion in 'other firewalls' started by bellgamin, Oct 7, 2007.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Aug 1, 2002
    At present I have SSM for outgoing, and a 4-year-old NAT router (a cheap one) for incoming.

    I recently began using Ghostwall -- just because of its ability to quickly & easily lock out the internet when necessary. (Don't ask)

    Now I am wondering, since I have Ghostwall running any way, are there any settings that I should add to it, just to augment whatever incoming protection I am getting from my NAT router?

    P.S.- I am a firewall doofus, so please make any suggested additions as simple-to-understand as possible. o_O

    Aloha... bellgamin
  2. ASpace

    ASpace Guest

    If it isn't broken , don't fix it . It is working well , don't touch it , IMO
  3. Code_Blue

    Code_Blue Registered Member

    May 2, 2007
    You can update the firmware on your router. I have a Linksys 54G that is three years old. It works great, I went to the site to retrieve the newest firmware file and the help line at Linksys walked me through it. The person was in India and was very well versed in the router. It was painless and basically made my router a brand new piece of hardware.

    Also, make sure that you are using the highest level of security offered on the router, WPA 1 or preferably 2 with a long randomly generated password. Tech help will also walk you through this.
    Last edited by a moderator: Oct 7, 2007
  4. lucas1985

    lucas1985 Retired Moderator

    Nov 9, 2006
    France, May 1968
    The default ruleset in Ghostwall is fine.
    Since it's a rule-based packet filter, you need some TCP/IP knowledge and information about your home network to tweak it (allow NetBIOS only to local IPs, bind the DNS rule to your DNS servers, etc)
  5. Kerodo

    Kerodo Registered Member

    Oct 5, 2004

    The short simple answer is: You're fine with the router covering inbound. Most likely the software firewall will never see a single unsolicited inbound packet as the router will block all before it gets there. Sure, there are rare occasions when you allow TCP on say port 80 for browsing and then a UDP packet sneaks back in via 80 also because the router is allowing anything from that IP address, but that stuff is rare and mostly harmless. For all practical purposes, I think you may rest easy. :)
Thread Status:
Not open for further replies.