There is the shortcut described, but the function, too!
Quote:
[...]
The stateful firewall depends on the three-way handshake of the TCP protocol when the protocol being used is TCP; when the protocol is UDP, the stateful firewall does not depend on anything related to TCP. When a client initiates a new connection, it sends a packet with the SYN bit set in the packet header. All packets with the SYN bit set are considered by the firewall as NEW connections. If the service which the client has requested is available on the server, the service will reply to the SYN packet with a packet in which both the SYN and the ACK bit are set. The client will then respond with a packet in which only the ACK bit is set, and the connection will enter the ESTABLISHED state. Such a firewall will pass all outgoing packets through but will only allow incoming packets if they are part of an ESTABLISHED connection, ensuring that hackers cannot start unsolicited connections with the protected machine.
[...]
That's what the SPI firewall in DD-WRT and other software does.
_________________
RT-N66U @ Build 25697M K3.10.63
TL-WR842ND v1 @ BS-build 23919 WDS AP
TL-WR841ND @ BS-build 23919 WDS Client
TL-WR841ND @ BS-build 23919 Client Bridge ( Routed )
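The state tracking described in the quote above, as an added example that is not part of the original posts and is not DD-WRT's code: a toy Python state table that accepts replies to connections opened from the LAN and silently drops unsolicited inbound packets. All names, addresses and packets are constructed, and NAT translation is left out.

```python
# Added illustration: toy TCP state table for the quoted policy (not DD-WRT code).
from dataclasses import dataclass

SYN, ACK = "SYN", "ACK"

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = LAN -> WAN, "in" = WAN -> LAN
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    flags: frozenset    # TCP flags set in the header

class StatefulFirewall:
    def __init__(self):
        self.table = {}  # (lan_endpoint, wan_endpoint) -> connection state

    def filter(self, pkt):
        """Return 'ACCEPT' or 'DROP' and update the state table."""
        if pkt.direction == "out":
            key = (pkt.src, pkt.dst)
            if pkt.flags == {SYN}:
                self.table[key] = "NEW"              # client opens a connection
            elif self.table.get(key) == "SYN_ACK_SEEN" and ACK in pkt.flags:
                self.table[key] = "ESTABLISHED"      # three-way handshake done
            return "ACCEPT"                          # outgoing always passes
        key = (pkt.dst, pkt.src)                     # inbound: match the reverse flow
        state = self.table.get(key)
        if state == "NEW" and pkt.flags == {SYN, ACK}:
            self.table[key] = "SYN_ACK_SEEN"         # server answered our SYN
            return "ACCEPT"
        if state == "ESTABLISHED":
            return "ACCEPT"
        return "DROP"    # no matching flow: discarded without any reply

def demo():
    """Run constructed sample packets through the firewall, return verdicts."""
    fw = StatefulFirewall()
    lan, web = ("192.168.1.10", 50000), ("203.0.113.5", 443)
    stranger = ("198.51.100.7", 40000)
    packets = [
        Packet("in", stranger, ("192.168.1.10", 22), frozenset({SYN})),  # unsolicited SYN
        Packet("out", lan, web, frozenset({SYN})),
        Packet("in", web, lan, frozenset({SYN, ACK})),
        Packet("out", lan, web, frozenset({ACK})),
        Packet("in", web, lan, frozenset({ACK})),        # data on the tracked flow
        Packet("in", stranger, lan, frozenset({ACK})),   # ACK with no tracked flow
    ]
    return [fw.filter(p) for p in packets]
```
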
No, it is not useless. It gives you a "perfect stealth" rating with GRC Shields Up, unless you forward ports or otherwise open them (e.g. with UPnP).
It greatly improves computer security, seeing that your devices are always behind at least one firewall.
_________________
2 times APU2 Opnsense 21.1 with Sensei
2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)
3 times Asus RT-N16 shelved
E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)
3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)
I don't say they solve everything, but open ports are invitations to hammering and further attacks. GRC Shields Up gives a perfect stealth status when it has no portscan evidence that behind your IP would exist anything like a computer or router. Of course, torrents and servers will reveal your IP, as ordinary web surfing also does (to the websites you access).
You mean non-stealth ports? As the ports would still be closed due to NAT.
Yes, I meant non-stealth ports. GRC Shields Up marks them in red and says they're open ports. It says the ports are closed if it is still able to see them, and they are stealth if it finds no evidence of the existence of such a port. Perfect stealth means that the router does not answer ping and the GRC scanner finds no evidence that a computer/router would exist at that IP.
Can SPI Firewall be disabled if I'm just running the router in Repeater Bridge Mode and the primary router has a firewall, or does it still provide some benefit?