The firewall creates zones over the network interfaces to control network traffic flow.
The Network ➤ Firewall ➤ General Settings page contains the zone settings.
Enable SYN-flood protection: Checked by default.
Drop invalid packets: Unchecked by default.
Input: To accept by default.
Output: To accept by default.
Forward: To reject by default.
The Zones section showing the default settings for the firewall zones.
Port forwarding allows remote computers on the Internet to connect to a specific computer or service within the private LAN.
The Network ➤ Firewall ➤ Port Forwards page lets you define the protocol and port number to access an internal IP address.
Adding a port forwarding rule.
The Network ➤ Firewall ➤ Traffic Rules page configures the traffic rules and source NAT.
Traffic rules define policies for packets travelling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.
Firewall Traffic Rules with the default settings.
You can choose to open ports on the router or add new forwarding rules.
Source NAT is a specific form of masquerading which allows fine grained control over the source IP used for outgoing traffic, for example to map multiple WAN addresses to internal subnets.