Incoming protection beyond router???

At present I have SSM for outgoing, and a 4-year-old NAT router (a cheap one) for incoming.

I recently began using Ghostwall -- just because of its ability to quickly & easily lock out the internet when necessary. (Don't ask)

Now I am wondering, since I have Ghostwall running any way, are there any settings that I should add to it, just to augment whatever incoming protection I am getting from my NAT router?

P.S.- I am a firewall doofus, so please make any suggested additions as simple-to-understand as possible.

Aloha... bellgamin

 

If it isn't broken , don't fix it . It is working well , don't touch it , IMO

 

You can update the firmware on your router. I have a Linksys 54G that is three years old. It works great, I went to the site to retrieve the newest firmware file and the help line at Linksys walked me through it. The person was in India and was very well versed in the router. It was painless and basically made my router a brand new piece of hardware.

Also, make sure that you are using the highest level of security offered on the router, WPA 1 or preferably 2 with a long randomly generated password. Tech help will also walk you through this.

 

The default ruleset in Ghostwall is fine.
Since it's a rule-based packet filter, you need some TCP/IP knowledge and information about your home network to tweak it (allow NetBIOS only to local IPs, bind the DNS rule to your DNS servers, etc)

 

Bellgamin,

The short simple answer is: You're fine with the router covering inbound. Most likely the software firewall will never see a single unsolicited inbound packet as the router will block all before it gets there. Sure, there are rare occasions when you allow TCP on say port 80 for browsing and then a UDP packet sneaks back in via 80 also because the router is allowing anything from that IP address, but that stuff is rare and mostly harmless. For all practical purposes, I think you may rest easy.