Firewall set up advice needed

[linseydp]

Apologies if this has been answered before but the forum search facility seems to reject the obvious keyword combinations!

Background: I've just got the 7800N and one of the reasons for purchasing this was that it came with firewall protection however I cannot see any evidence that this is active. There seem to be lots of options for specifying rules but I don't have enough knowledge to do this confidently. I have searched on the web and there seems to be a suggestion that the firewall is on by default but I can't work out what the default settings are and whether or not these are sufficient. The help documentation isn't that clear on this matter. There are also some posts elsewhere suggesting that the firewall isn't on by default. My previous router was a Netgear WN3300 and that was fairly straightforward, particularly as it had context help alongside the settings pages.

Questions:
1. Is the firewall on by default and if so, should I be seeing anything in the firewall logs. So far there is nothing.
2. What settings are included in the default if the answer is yes?
3. Does anyone have an idiot guide to help me to understand the advanced settings.

Many thanks in anticipation of help.

[billion_fan]

1. Yes the firewall is on as default, there will be nothing in the firewall log, until you create a rule and enable the log (there should be a default rule allowing all outgoing connections, all incoming connections should be stealthed
2. Answered above
3. What advanced settings are you referring too?

[linseydp]

Hi Billionfan

That's perfect - I probably don't need to know too much about the advanced settings if the firewall is on an monitoring all incoming. I don't run a server from behind the firewall just home laptops and mobile devices. Would the firewall log show if there was an attack even if rules aren't set?

[billion_fan]

Hi Billionfan

That's perfect - I probably don't need to know too much about the advanced settings if the firewall is on an monitoring all incoming. I don't run a server from behind the firewall just home laptops and mobile devices. Would the firewall log show if there was an attack even if rules aren't set?

Not that I am aware of.

[danh123]

Just for the record I have only the default firewall setup but I have firewall logging enabled and i get the following in my firewall logs

Dec 19 07:33:39 home user.info kernel: HackAttack: [SPI:Illegal connection state attack] ICMP packer from [ewan_br] 37.59.149.8 to xxx.xxx.xxx.xxx
Dec 19 09:32:41 home user.info kernel: HackAttack: [SPI:Illegal connection state attack] ICMP packer from [ewan_br] 112.253.4.205 to xxx.xxx.xxx.xxx
Dec 19 10:27:42 home user.info kernel: HackAttack: [Back Orifice Scan] UDP packet from [ewan_br] 62.24.243.4:53 to xxx.xxx.xxx.xxx
Dec 19 10:27:43 home user.info kernel: HackAttack: [Back Orifice Scan] UDP packet from [ewan_br] 62.24.202.70:53 to xxx.xxx.xxx.xxx:31337
Dec 19 10:42:38 home user.info kernel: HackAttack: [SPI:Illegal connection state attack] ICMP packer from [ewan_br] 50.115.122.84 to xxx.xxx.xxx.xxx
Dec 19 11:51:24 home user.info kernel: HackAttack: [SPI:Illegal connection state attack] ICMP packer from [ewan_br]

I assume the router is blocking this type of traffic but I am not sure. I did try this site (http://www.hackerwatch.org/probe/) and it seemed to indicate the router was blocking some ports so I hope it is working.

HTH Dan