I'm looking to understand the configuration of the Plusnet One firewall.
Firewall config settings are: Default, Block All or Disabled.
The log is littered with blocked traffic (both inbound and outbound)... mostly TCP reply traffic that's come in too late (to reply to the initial outbound sessions), and the router has forgotten about the session in the first place and blocked it as potential inbound-initiated traffic. It's a standard thing on even corporate firewalls (I work as a network manager), so I don't mind seeing it, but to be honest it's a waste of router resources and I just want the router to go as fast as possible for gaming traffic.
I do have a few inbound port forwarders for my own servers sitting in the LAN, but I was wondering, if I set the firewall to Disabled, am I letting myself in for any nasty surprises?
What I THINK should happen once turning off the firewall is that:
the firewall will still NAT outbound traffic as normal,
still port forward inbound traffic (if a port forwarding rule fits)
still block any initiated traffic inbound that doesn't hit a rule (the whole point of NAT).
allow all ports outbound (which I think it does anyway?).
What I don't know is... what else I'm now not getting...
I imagine it has some basic smurf/port scan detection filters (maybe) that would be turned off... maybe some TCP attacks (wrong order / SYN flood etc.)... maybe a little DDoS or IP spoofing (not that I should see any RFC private ranges on the outside of the router anyway, as Plusnet would filter all that way before it reaches my router).
Which leads to the point... with simple NAT left running, turning off the firewall shouldn't leave me vulnerable in any way really. Right?
Is that the case? Are my assumptions above correct that if I select "Disabled" I'll be reducing the workload, reducing the event log bloat and in theory getting a bit more CPU and RAM for the important bit (first in, first out packet routing)?
answers on a postcard please.
*As a side note (if any Plusnet employee influencers are listening), my only other wish (big wish) is that it would have QoS... even simple Quality of Service would be brilliant. I play games, my girl is on YouTube 24/7, my wife streams from the TV. I'm eyeing up a Netgear Nighthawk router with custom firmware, or building an OpenWrt stack on a different small machine/router to avoid bufferbloat and reserve bandwidth, but those sorts of things normally end up messy with multiple devices (VDSL modems doing the DSL, routers doing the QoS, then something else doing the Wi-Fi... 3 plugs, lots of wires and an angry wife).
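As an added illustration (not from the post, and not Plusnet firmware), the toy stateful NAT table below models the three inbound cases the post describes: a reply that arrives while the outbound session is still remembered, the same reply arriving after the router has forgotten the session (the "late reply" log noise), and an unsolicited packet that either matches or misses a port-forward rule. The 60-second idle timeout and all addresses and ports are assumed, constructed values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, wan_ip, port_forwards, timeout=60):
        self.wan_ip = wan_ip
        self.port_forwards = port_forwards  # {wan_port: (lan_ip, lan_port)}
        self.timeout = timeout              # seconds until an idle session is forgotten (assumed value)
        self.sessions = {}                  # (remote_ip, remote_port, wan_port) -> [lan_ip, lan_port, last_seen]
        self.log = []
        self._next_port = 40000

    def outbound(self, pkt, now):
        """LAN -> WAN: allocate a NAT source port and record the session."""
        wport, self._next_port = self._next_port, self._next_port + 1
        self.sessions[(pkt.dst_ip, pkt.dst_port, wport)] = [pkt.src_ip, pkt.src_port, now]
        return wport

    def inbound(self, pkt, now):
        """WAN -> LAN: forward only on a live session or a port-forward rule; else block and log."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        state = self.sessions.get(key)
        if state and now - state[2] <= self.timeout:
            state[2] = now                  # refresh the idle timer
            return (state[0], state[1])
        if state:  # the session existed but idled out: this is the "late reply" drop seen in the log
            del self.sessions[key]
            self.log.append(f"BLOCKED late reply {pkt.src_ip}:{pkt.src_port} -> :{pkt.dst_port}")
            return None
        if pkt.dst_port in self.port_forwards:
            return self.port_forwards[pkt.dst_port]
        self.log.append(f"BLOCKED unsolicited {pkt.src_ip}:{pkt.src_port} -> :{pkt.dst_port}")
        return None

def demo():
    # Constructed scenario: one LAN client talks out on 443, one port forward to a LAN server on 22.
    r = NatRouter("203.0.113.10", {22: ("192.168.1.20", 22)})
    wport = r.outbound(Packet("192.168.1.5", 51000, "198.51.100.7", 443), now=0)
    on_time = r.inbound(Packet("198.51.100.7", 443, r.wan_ip, wport), now=30)
    late = r.inbound(Packet("198.51.100.7", 443, r.wan_ip, wport), now=100)
    forwarded = r.inbound(Packet("198.51.100.9", 4000, r.wan_ip, 22), now=100)
    unsolicited = r.inbound(Packet("198.51.100.9", 4001, r.wan_ip, 3389), now=100)
    return on_time, late, forwarded, unsolicited, r.log
```

Running `demo()` shows the on-time reply and the port-forwarded packet reaching the LAN, while the late reply and the unsolicited packet are dropped and logged.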