Firewall Protection Overview

Pimeleon router includes a powerful firewall that protects your network from unwanted access and malicious traffic. This guide explains how the firewall protects you and how to manage basic firewall settings.

Firewall Protection Overview

What the Firewall Does

The firewall acts as a security guard for your network, controlling what traffic can enter and leave. It:

Blocks unauthorized access - Prevents external attackers from accessing devices on your network
Controls outbound traffic - Manages what your devices can access on the internet
Prevents intrusions - Stops common network attacks and port scans
Logs security events - Records suspicious activity for review

How It Protects You

Automatic Protection:

All devices on your network are automatically protected
Incoming connections from the internet are blocked by default
Internal devices can freely access the internet
Inter-device communication on your network is allowed

Attack Prevention:

Port scanning detection and blocking
Brute force attack protection (via fail2ban)
Common exploit prevention
Malformed packet filtering

Firewall Zones

Your network is divided into security zones:

LAN Zone (Wired Network)

Protection Level: High trust
Access: Full internet access
Incoming: Blocked from internet, allowed from wireless
Use for: Desktops, servers, trusted devices

Wireless Zone (WiFi Network)

Protection Level: Medium trust
Access: Full internet access
Incoming: Blocked from internet and LAN
Use for: Laptops, phones, guest devices

Internet Zone

Protection Level: Untrusted
Access: Strictly controlled
Incoming: All blocked except established connections
Outgoing: Allowed with filtering

Common Firewall Tasks

Checking Firewall Status

The firewall is always active and protecting your network. You can view its status in the web interface:

Go to System → Security → Firewall
View current rules and active connections
Check recent blocked attempts

troubleshooting Blocked Connections

If a service isn't working, the firewall might be blocking it:

Symptoms:

Application says "connection refused" or "timeout"
Port forwarding not working
Remote access fails

Solutions:

Check recent blocks:
- Go to Logs → Firewall in web interface
- Look for blocked connections matching your issue
- Note the port number and protocol
Verify the connection is legitimate:
- Only unblock trusted services
- Research unknown ports before allowing them
- Consider security implications
Contact support if unsure:
- Describe what isn't working
- Provide relevant log entries
- Don't disable the firewall completely

Port Forwarding

Port forwarding allows external access to specific services on your network:

When to Use:

Running a web server
Hosting game servers
Remote access applications
Security cameras with remote viewing

How to Set Up:

Go to Network → Port Forwarding in web interface
Click Add New Rule
Configure:
- Service Name: Descriptive name (e.g., "Web Server")
- External Port: Port internet users connect to
- Internal IP: Device running the service
- Internal Port: Port on your device
- Protocol: TCP, UDP, or Both
Click Save and Apply

Example: Web Server

Service Name: My Web Server
External Port: 80
Internal IP: 192.168.76.100
Internal Port: 80
Protocol: TCP

Security Considerations:

Only forward ports you actively use
Use non-standard external ports when possible (e.g., 8080 instead of 80)
Keep forwarded services up to date
Monitor logs for unauthorized access attempts

Firewall Rules

Default Rules

The firewall includes sensible defaults:

Allowed:

Outbound connections from your devices
DHCP requests and responses
DNS queries
NTP (time synchronization)
ICMP (ping)
Established connections (responses to your requests)

Blocked:

Unsolicited incoming connections from internet
Port scans and probes
Known malicious traffic patterns
Traffic from blocked IP addresses (via fail2ban)

Custom Rules

Advanced users can create custom firewall rules via the web interface:

Go to Network → Firewall → Custom Rules
Click Add Rule
Specify:
- Source zone (LAN, wireless, internet)
- Destination zone
- Protocol and port
- Action (accept, reject, drop)

Example: Block Social Media

Source: LAN, Wireless
Destination: Internet
Protocol: TCP
Port: 443 (HTTPS)
Domain: facebook.com, twitter.com
Action: Reject

Performance Impact

The firewall operates at wire speed with minimal performance impact:

CPU Usage: < 5% under normal load
Latency: < 1ms added
Throughput: No reduction on Gigabit connections
Memory: ~50MB RAM

Security Best Practices

Keep Protection Enabled:

Never disable the firewall completely
If troubleshooting, create specific allow rules instead
Re-enable immediately after testing

Review Logs Regularly:

Check for unusual blocked attempts
Investigate repeated blocks from same IP
Update rules based on legitimate blocked traffic

Minimize Port Forwarding:

Only forward ports when absolutely necessary
Close port forwards when services stop
Use VPN for remote access instead of port forwarding when possible

Update Software:

Firewall rules are automatically updated
Keep Pimeleon router system up to date for latest security patches

Intrusion Detection

Pimeleon router includes fail2ban for intrusion prevention:

What It Does:

Monitors logs for suspicious activity
Automatically blocks IPs after repeated failed login attempts
Protects SSH, web admin, and other services

Automatic Bans:

5 failed SSH logins → 10 minute ban
10 failed web admin logins → 1 hour ban
Port scan detected → 24 hour ban

Viewing Banned IPs:

Go to Security → Intrusion Detection
See currently banned addresses
Manually unban if needed (e.g., you locked yourself out)

Monitoring Firewall Activity

Real-Time Monitoring

View active connections and recent blocks:

Go to System → Monitoring → Firewall
See:
- Active connections by device
- Recently blocked attempts
- Top talkers (most active devices)
- Connection protocols breakdown

Log Review

Live Firewall Log:

Go to Logs → Firewall → Live View
Watch connections in real-time
Filter by device, port, or action

Historical Analysis:

Go to Logs → Firewall → History
View trends over time
Export logs for analysis

troubleshooting

Issue: Everything is Blocked

Symptoms:

No internet access
All services failing
Recent firewall rule change

Solutions:

Check if you recently added a deny-all rule
Go to Network → Firewall → Custom Rules
Remove or disable problematic rules
Reset to default rules if needed (Settings → Reset → Firewall Only)

Issue: Specific Port Not Working

Symptoms:

One service/application fails
Others work fine
Port forward configured but not working

Solutions:

Verify port forward configuration:
- Correct internal IP address
- Correct port numbers
- Protocol matches (TCP vs UDP)
Check if internal service is actually running
Test from internal network first (bypass port forward)
Verify external IP hasn't changed (if using dynamic IP)

Issue: Too Much Logging

Symptoms:

Firewall logs filling up fast
Mostly blocked port scans
Known legitimate blocked traffic

Solutions:

Reduce log verbosity:
- Go to Settings → Logging → Firewall
- Change level from "Debug" to "Info" or "Warn"
Whitelist known sources:
- Add allow rules for legitimate traffic
- Prevents repeated log entries
Enable log rotation:
- Go to Settings → Logging → Rotation
- Keep last 7 days only

Network Overview - Understanding network zones
DNS Filtering - Complementary protection layer
Remote Access - Secure alternatives to port forwarding

Advanced Topics

For advanced firewall configuration and technical implementation details, see the internal documentation. Common advanced topics include:

Zone-based firewall architecture
Integration with IPS/IDS systems
Stateful packet inspection configuration
Traffic shaping and QoS integration
IPv6 firewall rules

Note: This guide covers user-facing firewall features. For technical implementation details and advanced configuration, see internal documentation.