# Firewall Settings

The router firewall controls the forward packet streams from incoming network interfaces to outgoing network interfaces. Firewall rules add another layer of granularity to what can be forwarded across interfaces and which packets can be inputted and outputted.

***

## Firewall Zones <a href="#firewall-zones" id="firewall-zones"></a>

The firewall collects interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:

* A rule for a packet originating in a zone must enter the router on one of the zone's interfaces,
* A rule for a packet being forwarded to a zone must exit the router on one of the zone's interfaces.

After accessing the router, go to "Network > Firewall" to enter the "Firewall - Zone Settings." The "SYN-Flood Protection" is enabled by default. You can use the default firewall zone settings in most conditions.

Check more on the [firewall tutorial](https://how.router.works/net/firewall).

***

## Port Forwarding <a href="#port-forwarding" id="port-forwarding"></a>

Port forwarding applies network address translation (NAT) and redirects a communication request from one address and port number combination. Port Forwarding allows remote computers to connect the outdoor router within a private local-area network (LAN).

To enable port forwards, "Forward" options must be allowed under the "General Settings" tab of the firewall zones. Then click the "Save & Apply" button to take effect.

➀ Replace "Forward" with "Accept" in the general settings section.\
➁ Scroll down to the "Zones" section and update the Forward column in the WAN row to "Accept."

Check more on the [port forwarding](https://how.router.works/net/firewall/port-forward) tutorial.

{% hint style="info" %}
The public port forwarding relies on a public IP address. Most mobile internet connections have a private IP address. You can buy the extra public IP service from the mobile carrier.
{% endhint %}

***

## Open New Port <a href="#open-new-port" id="open-new-port"></a>

After accessing the router, go to "Network > Firewall > Traffic Rules: Open port on router" to add a new port on the 4G router.

* **Name:** Input name of the new port
* **Protocol:** Choose from TCP or UDP
* **External port:** The new port number

After entering the above parameters, click the "Add" button. Then click the "Save & Apply" button on the bottom right corner. You will find the new port on the "Traffic Rules" list.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://outdoor.router.works/manual/advanced-settings/firewall-settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.