I'm new to the Firewalla ecosystem so bare with me, I've got the Purple device (which BTW I really like), I've got the FW setup in Router mode, with an ISP modem on the WAN side, then the FW to LAN... All incoming Internet traffic is blocked with a few selected ports being forwarded to a couple of NAS devices on my LAN. What I'm seeing however in Flows is lots and lots of blocked Inbound UDP port 1024 attempts from all around the globe being blocked (counted about 159,058 blocked flows in 24hr) not every attempt is on port 1024 but there is a big majority of them.
They are being blocked, which is great, but, what I want to know is a little more detail if they are port scanning or brute trying this (and other) ports on my WAN ip address.
Next (i've added a screenshot of my Rules), can I block ALL access to countries other than one I select (ie. I just want Inbound traffic from United Kingdom) which allows legit people who access my specific port forwards in (as these will be people in the UK) and block any attempt if they were say in Russia etc. With so many blocked inbound flows 1. Is this slowing down the performance of my FW, 2. Could there be a possibility that 1 or more of a blocked inbound attempt may be seen as legit (which is why I want to block all countries except the UK) to help minimize attempts that might get through from outside the UK.
I come from using a Synology RT router which allows you to block at a Port Forward level access to the forward only if your coming from a specified country (ie. GB).
I think i've got things setup correctly, but please let me know if not or you want to see more specific settings.
Please sign in to leave a comment.