OpenWRT VM Script -> Fixing open WAN Input and Forward

[chackl1990]

Important Update: OpenWRT WAN Firewall Configuration

Script Link:
OpenWRT Installation Script

Issue Overview

If you used the script without modifying your WAN firewall settings, the HTTP and SSH interfaces might be exposed to the WAN. This poses a significant security risk, especially if no additional firewall is in place.

What Happened?

The previous version of the script included two lines that unintentionally opened the WAN input and forward settings in the firewall, leaving your system vulnerable.

Fix for New Installations

A fix has been introduced to address this issue. Going forward, the script no longer applies the insecure firewall settings.
You can view the fix here: Pull Request #1540

⚠️ Note: Do not restore backups of VMs created using the original script. These backups will reinstate the problematic firewall configuration.

---

Steps to Secure Existing Installations

You do not need to reinstall your OpenWRT VM. Instead, follow one of these methods to secure your system:

Using the LuCI Web Interface

1. Open the LuCI Web Interface.
2. Navigate to Network → Firewall.
3. Adjust the Zones settings for the WAN as shown in the image below:
   
4. Save the settings.
5. Reboot your OpenWRT VM to ensure the changes take effect.

Using SSH/CLI

If you prefer the command-line interface, execute the following commands:

uci set firewall.@zone[1].input='REJECT'
uci set firewall.@zone[1].forward='REJECT'
uci commit
reboot

Kind Regards, C.Hackl