Need explanation: firewall zones concept

Hi there,

Just received my router yesterday and I now need to set up the firewall. I’m coming from pfSense and consider myself firewall-literate. But the zones concept gives me some headaches - and I was not able to find proper documentation.

Could someone please elaborate on this topic or point me in the right direction?

Regards
Jan

This depends on what you want to do. First off, to access any of the firewall stuff you’ll have to go into the LuCI (advanced) interface, everything you need is there.

Out of the box you’re set up with LAN and WAN zones, and a firewall between them. To manage the firewall go to the Network -> Firewall menu. You access general settings, port forwards, traffic rules and custom rules from the tabs. The built-in settings are pretty basic, allowing your LAN access to the WAN, and nothing inbound, a good place to start.

If you want to set up a DMZ you’ll need to set that up yourself in the Network -> Interfaces menu, add a new interface. Assign it to a port on the router, address space, then set up custom rules for it in the firewall. If you want it to be able to access the WAN head back to the firewall settings and set up forwarding from the DMZ to the WAN. You can look at the existing LAN => WAN rule and base it on that. Then set up port forwards on that tab to your hosts in your DMZ. You mentioned you’re familiar with pfSense so you shouldn’t have too much of a problem, the UI isn’t as pretty, but everything is there.

If I wanted to control the traffic from LAN to WAN, what would I need to do? Although there is no allow all TCP from LAN to WAN rule it just works - is it an implicit allow all which I cannot see? Maybe it has something to do with how the zones are configured (input, output, forward).

What traffic are the “directions” input, output and forward referring to? How does allowing or not one of these affect the flow of packets?

The best place for a tutorial on using the Omnia firewall is OpenWRT, since the Omnia is basically an OpenWRT router. Surf on over to https://wiki.openwrt.org/doc/uci/firewall

Although that page talks about editing /etc/config/firewall, you can do pretty much all of that through the LuCI interface if you’re not comfortable with the command line.
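
Added example, not part of any post in this thread and not OpenWRT's own code: a simplified Python model of how the per-zone input, output and forward policies and a forwarding section decide the fate of a new connection, which is what makes LAN to WAN "just work" without a visible rule. The policy values are constructed to mirror a stock lan/wan setup, and the `dmz` zone and the `verdict` and `with_dmz` helpers are hypothetical names.

```python
# Simplified model of OpenWRT zone policies (illustration only, not fw3 code).
# It ignores traffic rules, port forwards and established/related replies,
# which the real firewall evaluates before these per-zone defaults.

ROUTER = "router"  # pseudo-endpoint: the router itself

# Constructed values mirroring a stock lan/wan configuration.
DEFAULTS = {"input": "ACCEPT", "output": "ACCEPT", "forward": "REJECT"}
ZONES = {
    "lan": {"input": "ACCEPT", "output": "ACCEPT", "forward": "ACCEPT"},
    "wan": {"input": "REJECT", "output": "ACCEPT", "forward": "REJECT"},
}
# Each pair is one "config forwarding" section: (src zone, dest zone).
FORWARDINGS = {("lan", "wan")}


def verdict(src, dst, zones=ZONES, forwardings=FORWARDINGS, defaults=DEFAULTS):
    """Return the policy applied to a NEW connection from src to dst."""
    if src == ROUTER and dst == ROUTER:
        raise ValueError("loopback traffic is not covered by this model")
    if dst == ROUTER:
        # input: traffic arriving from a zone, addressed to the router itself
        return zones[src]["input"]
    if src == ROUTER:
        # output: traffic generated by the router, leaving into a zone
        return zones[dst]["output"]
    if src == dst:
        # forward: traffic between networks that belong to the same zone
        return zones[src]["forward"]
    if (src, dst) in forwardings:
        # An explicit forwarding section is the "invisible" lan -> wan allow.
        return "ACCEPT"
    # No forwarding section for this pair: the global default applies.
    return defaults["forward"]


def with_dmz():
    """Hypothetical DMZ zone that may reach the WAN but not the LAN."""
    zones = dict(ZONES, dmz={"input": "REJECT", "output": "ACCEPT",
                             "forward": "REJECT"})
    return zones, FORWARDINGS | {("dmz", "wan")}


if __name__ == "__main__":
    for pair in [("lan", "wan"), ("wan", "lan"), ("wan", ROUTER), ("lan", ROUTER)]:
        print(pair, "->", verdict(*pair))
```

To restrict LAN to WAN traffic, the forwarding section stays in place and traffic rules (not modelled here) are added in front of it, or the forwarding is removed and only specific rules are allowed.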

Yes, that’s what I was searching for - don’t know why I did not look all this up on the OpenWRT pages. Maybe too obvious :)

Don’t feel bad. I see a lot of posts here asking for help for many things that are well documented on OpenWRT’s site. I’m guessing people don’t realize or forget that the Omnia runs OpenWRT at its heart, a project that is several years old, has hundreds of contributors, great support forums, and lots and lots of helpful documentation. Turris is contributing its Omnia bits back to the project, which is great, but we can’t expect Turris to re-invent every wheel OpenWRT has already done.

Anyway, for those who didn’t already know, OpenWRT has a great site and it really should be one of the first places, if not the first, that you check for documentation on OpenWRT.

http://wiki.openwrt.org/doc/start
https://openwrt.org/
https://wiki.openwrt.org/
https://forum.openwrt.org/

You won’t find Omnia specific help but you will find all the OpenWRT support you can want.
