Excellent

I haven't got nmap running yet. It seems not to like Mavericks and my laptop is in another room.

It was too good to be true. Somehow that again blocked outgoing traffic, but only with new connections. Chrome still worked, but other applications did not. Disabled DoS and they started working again.

I'm still at square one. I do have the remote management disabled I believe.

One of the limitations of the Draytek firewall is that it doesn't allow blocking traffic to the WAN from outside the WAN in the rule sets.

I'll scan later tonight and let you know which ports I can see on mine.

So what I'm trying to achieve (and have done so on every other brand of router) can't be done on DrayTeks?

Odd definition of a firewall.

I haven't found a way of blocking specific external IP addresses from accessing the WAN interface - any or all ports.

You also can't disable Telnet, FTP, SSH, HTTP and HTTPS administrative access to the router from internal LAN clients by disabling those protocols or firewall policies. If, for example, you have a staff LAN/VLAN and an admin LAN/VLAN and only want computers on the admin network to be able to access the admin pages of the router you're stuffed.

Another bug which irks me is that when you add local admin users they log into the router using their own name and password but the syslog only logs "admin" as the user. You also can't rename the default admin account.

I'm still getting to grips with a few things!

On the whole, I'm very pleased with the Drayteks but there are a few things which haven't been thought through.

Edited by caffn8me (Wed 19-Mar-14 01:05:49)

They aren't the easiest interfaces I've found. I got it for my upcoming fibre install and I'm not one to use ISP provided hardware.

On previous routers, everything was filtered unless I specifically opened a port, so to have it the other way around is a little disconcerting, especially considering if I have UPnP enabled that shows as open. This was never the case on others.

I'll just work with NAT as that will offer some protection.

Thanks anyway.

At least you'll be able to use the router without an external modem for fibre

If helps

http://www.draytek.com/index.php?option=com_k2&view=...
http://www.draytek.com/index.php?option=com_k2&view=...

Thank you, restricting by MAC address looks as if it will help but I'll have to test it and see if it works as the 2850 and 2860 are somewhat different.

Thanks. These seem to be just blocking LAN clients from the router administration. I gave these two a try anyway and ports are still not filtered.

I understand that there is NAT protection, but it is not a firewall.