DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Firewall filters

26 Jan 2017 09:32 #1 by andy_cawdell
Firewall filters was created by andy_cawdell
Having sorted out the Wifi issues on our Vigor 2925ac I'm having a poke around.

In the firewall area there are default "call filters" with the default doing "Block NetBios" and "TCP/UDP, Port: from 137~139 to any" - wossat doing then?

And also a "call filter" doing the same.

I could block most ports both ways apart from 25, 80, 110 and 1352 I guess?

30 Jan 2017 09:04 #2 by andy_cawdell
Replied by andy_cawdell on topic Re: Firewall filters
No one knows it seems?

So going to Mr. Google I found this .....

http://digitallachance.com/blog/2009/02/should-you-kill-netbios-from-your-network/

Bit old but makes sense

But what about other ports?

30 Jan 2017 13:23 #3 by sjltech.uk
Replied by sjltech.uk on topic Re: Firewall filters
Hi Andy,
Late to the party on this one, but something I'm actively looking at now.
I confess my primary motivation is having turned on IPv6 and having active IPv6 WAN connections now, all of my LAN devices are IPv6 enabled and where possible, IPv6 is what I'm using.
As far as I'm able to understand, it's a stateful firewall, so if a connection is initiated from inside, corresponding traffic should be allowed back in response.
Call filters = outgoing traffic (initiated from inside)
Data filters = incoming traffic
I was interested to find out that (it would appear firmware version specific) INCOMING IPv6 connections are disabled by default, so my options were to either turn that off and allow anything in, or look at the firewall properly.
My main firewall experience comes from iptables (Linux man at heart) so I'm trying to relate the way the Draytek works to that (I wouldn't be surprised if that's similar to what the Draytek's actually using underneath).
The basic iptables approach is to block/drop EVERYTHING and only allow the stuff you precisely need, and as far as I understand (but DON'T take my word for it !) if "Enable Strict Security Firewall" is enabled, that is what happens, remembering the stateful nature comment above.
Interested to see 1352 on your list - Domino ?
Good luck, I would be interested to know how you get on.
Cheers
Simon
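
The stateful, default-deny behaviour described in the reply above, as an added example that is not part of the original posts and is not DrayTek's or iptables' own implementation: a toy Python model of connection tracking. The addresses are constructed, NAT is ignored, the "from 137~139" rule is read as a source-port match, and ports 25, 80, 110 and 1352 are assumed to be the only inbound services.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str  # "out" = LAN to WAN, "in" = WAN to LAN
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

NETBIOS_PORTS = range(137, 140)        # 137~139, read as source ports (assumption)
INBOUND_ALLOWED = {25, 80, 110, 1352}  # ports named in the thread

class StatefulFirewall:
    def __init__(self):
        self.flows = set()  # connection-tracking table of accepted flows

    def check(self, p: Packet) -> str:
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Traffic belonging to an already accepted flow passes both ways.
        if forward in self.flows or reverse in self.flows:
            return "ACCEPT established"
        if p.direction == "out":
            if p.sport in NETBIOS_PORTS:
                return "DROP netbios"   # never tracked, so no reply is let in
            self.flows.add(forward)
            return "ACCEPT new-outbound"
        if p.dport in INBOUND_ALLOWED:
            self.flows.add(forward)
            return "ACCEPT new-inbound"
        return "DROP default"           # everything else inbound is refused

def demo():
    """Run constructed sample packets through a fresh firewall."""
    fw = StatefulFirewall()
    lan, notes = "192.168.1.10", "192.168.1.20"
    web, stranger = "198.51.100.7", "203.0.113.9"
    packets = [
        Packet("out", "tcp", lan, 50000, web, 443),         # client opens HTTPS
        Packet("in", "tcp", web, 443, lan, 50000),          # its reply
        Packet("in", "tcp", stranger, 443, lan, 50000),     # same ports, other host
        Packet("out", "udp", lan, 137, web, 137),           # NetBIOS name query
        Packet("in", "tcp", stranger, 40000, notes, 1352),  # Domino, allowed
        Packet("in", "tcp", stranger, 40001, notes, 3389),  # not on the list
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The third packet shows why blocking inbound ports does not break outbound browsing: only the exact reverse of a tracked flow is let back in.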

30 Jan 2017 13:54 #4 by andy_cawdell
Replied by andy_cawdell on topic Re: Firewall filters
Hi and thanks for the explain re filters

not sure what you mean by "Enable Strict Security Firewall" - not sure where that is

1352 is indeed Domino and is NATed to our Notes server only

We only have an IP4 connection here and no intention to go IP6 until our provider makes us an offer

30 Jan 2017 14:01 #5 by sjltech.uk
Replied by sjltech.uk on topic Re: Firewall filters
Hi Andy - not stalking you, just posted another thread - honest :o
The "Enable Strict Security Firewall" option is in "Firewall >> General Setup", just above "Block connections..."
Cheers
Simon

30 Jan 2017 19:05 #6 by lorian
Replied by lorian on topic Re: Firewall filters

andy_cawdell wrote: Having sorted out the Wifi issues on our Vigor 2925ac I'm having a poke around.

In the firewall area there are default "call filters" with the default doing "Block NetBios" and "TCP/UDP, Port: from 137~139 to any" - wossat doing then?

And also a "call filter" doing the same.

I could block most ports both ways apart from 25, 80, 110 and 1352 I guess?

Call filters are just about what type of packet can raise an internet connection if one is not already up. Focus on your data filters.
