Firewall port opening

I have the following firewall configuration in my RUT956:

If I understand this correctly, all incoming connections should be blocked.
I want to communicate to a device with IP connected to the router via ethernet.
I want to reach the SSH port of this device from one specific public IP.
I have therefore created a traffic rule as:

And then I made a port forwarding rule in order to redirect to the SSH port of my device

After saving this, I am able to ssh into the device from the whole internet, not from my public IP only.
Why is that?


Hi, any answer on this?


Hi AlbyDallo,
if you edit the forwarding rule you can set one or more source IP addresses
(I used like this:

Timelapse Admin

thanks for your reply.
Now I see, but I feel saying this is a little confusing.
Normally port forwarding stands after traffic rules: traffic rules filter out unwanted connections to the modem, and those that are not filtered may pass through a port forwarding chain/rule.
Why can we specify external IPs also in the port forwarding rules? It should be only specified in traffic rules…? Or am I missing something?
In fact it seems that the traffic rule I have shown in the second picture of my first post is not effective at all…

Hi AlbyDallo,

the rule in your second picture says:
if a packet comes from your own WAN IP on (tcp or udp) port 43
and tries to access port 22
then ACCEPT it. So, source IP is your public IP and destination IP
is an internal address.

That’s not going to work because from your WAN IP you can’t access
the internal IP addresses without NAT. So this rule is useless.

I also suggest you disable the UDP protocol in your forwarding rule
if you don’t need it - and for SSH you don’t.

Timelapse Admin
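
An added example (not part of the thread and not Teltonika's code): a simplified Python model of the behaviour discussed above, showing why an extra ACCEPT traffic rule cannot narrow a port forward while a source IP set on the forward itself can. It assumes port forwards are applied as destination NAT before traffic rules are consulted, as on OpenWrt-style firewalls; all addresses and the names `PortForward`, `AcceptRule` and `wan_verdict` are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MY_IP, OTHER_IP = "203.0.113.10", "198.51.100.7"  # constructed public addresses
DEVICE = "192.168.1.50:22"                        # constructed LAN device (SSH)

@dataclass
class PortForward:
    protos: tuple            # protocols the forward applies to
    ext_port: int            # port opened on the WAN side
    dest: str                # internal "ip:port" the traffic is redirected to
    allowed_src: tuple = ()  # empty = any source address on the internet

    def matches(self, src, proto, dport):
        if proto not in self.protos or dport != self.ext_port:
            return False
        if not self.allowed_src:
            return True
        return any(ip_address(src) in ip_network(n) for n in self.allowed_src)

@dataclass
class AcceptRule:            # traffic rule with action ACCEPT
    src: str
    dport: int

    def matches(self, src, dport):
        return ip_address(src) in ip_network(self.src) and dport == self.dport

def wan_verdict(src, proto, dport, forwards, accept_rules=()):
    """Verdict for a new connection arriving on WAN (default policy: drop)."""
    # 1. Port forwards run first; a translated connection is let through.
    for fw in forwards:
        if fw.matches(src, proto, dport):
            return "forward to " + fw.dest
    # 2. An ACCEPT rule can only add access, it never removes any.
    for rule in accept_rules:
        if rule.matches(src, dport):
            return "accept"
    return "drop"

open_fw = PortForward(("tcp", "udp"), 22, DEVICE)     # as first configured
locked_fw = PortForward(("tcp",), 22, DEVICE, (MY_IP,))  # source IP set, TCP only
my_rule = AcceptRule(MY_IP, 22)

if __name__ == "__main__":
    for name, fw in (("open", open_fw), ("locked", locked_fw)):
        for src in (MY_IP, OTHER_IP):
            print(name, src, wan_verdict(src, "tcp", 22, [fw], [my_rule]))
```
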

I see, thanks for the explanation!

