Hello *,
since I am not sure whether I am dealing with a bug, a missing feature or my very own personal incompetence, asking the mailing list seemed reasonable for this. :-)
For security purposes, dropping packets from source ports < 1024 is a good idea as the latter indicates successful compromise of services running on privileged ports. New connections are usually established from ports > 1023, so there is little legitimate scope for this if in doubt.
When creating a firewall rule via the WebIF, it does not seem to be possible to limit source _and_ destination ports if a predefined service (group) is used - the latter one always refers to the destination port(s).
As soon as a single protocol such as TCP or UDP is selected, however, a field "source port" is available.
Is this behaviour intentional? If yes, how do I limit firewall rules to certain source ports then? Aren't the descriptions "service" and "service group" misleading?
Thanks, and best regards, Peter Müller
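As an added example that is not part of Peter's post or of any firewall's own code, here is a small Python model of the rule he describes: a named destination service group combined with a privileged source-port constraint, plus the equivalent iptables rules (the group names and port numbers are constructed sample values):

```python
# Added example, not from the original post: a privileged-source-port drop rule
# scoped to a destination "service group". Group names and ports are constructed.

PRIVILEGED_MAX = 1023  # source ports 0-1023 form the privileged range

# A "service group" in the sense of the post: a named set of (proto, dst port).
SERVICE_GROUPS = {
    "web": {("tcp", 80), ("tcp", 443)},
    "dns": {("tcp", 53), ("udp", 53)},
}


def should_drop(proto, sport, dport, group):
    """True when a packet to a port in `group` arrives from a privileged source port.

    The service group only constrains the destination; the source-port check is
    the separate condition the WebIF question is about.
    """
    if (proto, dport) not in SERVICE_GROUPS[group]:
        return False  # not addressed to this service group: rule does not apply
    return 0 <= sport <= PRIVILEGED_MAX


def iptables_rules(group, chain="INPUT"):
    """Render the same policy as iptables commands, one per protocol in the group.

    Each rule matches the source-port range *and* the group's destination ports,
    which is the combination the WebIF does not expose for service groups.
    """
    rules = []
    for proto in sorted({p for p, _ in SERVICE_GROUPS[group]}):
        ports = sorted(d for p, d in SERVICE_GROUPS[group] if p == proto)
        dports = ",".join(str(d) for d in ports)
        rules.append(
            f"iptables -A {chain} -p {proto} --sport 0:{PRIVILEGED_MAX} "
            f"-m multiport --dports {dports} -j DROP"
        )
    return rules


if __name__ == "__main__":
    # Constructed sample packets: (proto, sport, dport, group)
    for pkt in [("tcp", 22, 80, "web"), ("tcp", 40000, 443, "web"), ("udp", 53, 53, "dns")]:
        print(pkt, "DROP" if should_drop(*pkt) else "PASS")
    for rule in iptables_rules("web") + iptables_rules("dns"):
        print(rule)
```

Before applying such a rule, check for peers that legitimately talk from a privileged source port (NTP peers on 123, older DNS servers querying from 53, NFS/RPC clients); those need an explicit exception placed ahead of the drop rule.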