Default outbound policy

Discussion in 'Tomato Firmware' started by Gromit, Feb 7, 2012.

  1. Gromit

    Gromit Networkin' Nut Member


    I'm interesting in buying a "good" router in order to use Tomato, but just a stupid question ...
    What is the default policy for the outbound traffic (LAN to WAN) ? Is it DROP ?

    With the topics I already read, I think it's "allow" and we can block some ports (towards WAN) in the "access restriction" GUI.
    I'm wrong ?
    I used to block everything (for outbounf traffic) by default and after this, to open some ip:port as destination.
    Is it possible to work like this with the Tomato firmware ?

    Thanks for your advices, and sorry if this question had already been fixed on the board ...
    Have a good day.
  2. Gromit

    Gromit Networkin' Nut Member


    Sorry to up this question, but can anyone tell me what's the default policies between interfaces ?
    I can't find screenshot showing the ability to open ports towards internet and close others.
    Thanks a lot,
  3. Porter

    Porter LI Guru Member

    To display the policies of the chains use

    It's possible to modify the firewall by hand. Look under Administration/Scripts/Firewall. But you will have to know your way around iptables.

    Apart from that I actually have wondered whether it's always a good thing that Tomato doesn't restrict outgoing traffic. For instance, my computer seems to send out traffic on port 137 sometimes (no trojan, ich checked). That's traffic that shouldn't leave your local network.
  4. Gromit

    Gromit Networkin' Nut Member

    Hello Porter,

    Thanks for your answer.
    So, by default, it's ...

    Chain INPUT (policy ACCEPT)
    Chain FORWARD (policy ACCEPT)
    Chain OUTPUT (policy ACCEPT)

    And it's possible to write my own rules. I'm right ?

    I can't verify because, at the moment, I don't have a good router which can support Tomato firmware.
    I just plan to buy it, so I try to think, by advance, how I'm going to integrate it in my network.
  5. Porter

    Porter LI Guru Member

    The policies you pasted are not the default ones, but that is unimportant, since you can change them. Tomato is running linux and therefore is highly customizable.

    You can either google for an iptables guide in your own language or start with the ones the developers of iptables provide:

    If you want to buy a router probably buy a used one over ebay.
  6. Gromit

    Gromit Networkin' Nut Member

    Yes, I'm going to write something which allow just some outgoing traffic and block everything else.

    I wanted to find a Netgear WNR3500L. From what I've read on this board, it seems to be a pretty good choice.
    We'll see what I find !
    Thanks and have a good day.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice