Hello,
at the risk of exposing myself as a complete ignorant. What is the routers firewall doing to traffic from outside the internet if no rules are configured?
Regards
Bernhard

To better specify, is Stateful Packet Inspection active per default or does it need a particular rule for activation?

Ber18578 wrote:
To better specify, is Stateful Packet Inspection active per default or does it need a particular rule for activation?

Yes, it is (active).

In any case, the only "Open Ports" (ie in the NAT translation table), will be those that the Router had to 'open' in order to pass outbound traffic to the Internet. (Assuming of course, that Ports haven't been opened manually, Ports haven't been 'redirected' and no 'DMZ' host specified). So even with no firewall rules, there is very little/no? scope for unsolicited traffic to travel inbound.

Thanks for the help,
does this apply to IPv6 traffic as well?

I'm fairly sure that the "Block routing connections initiated from WAN" box for IPv6 is ticked by default. If it isn't suggest that you tick it....

The Vigor2960 is a Linux based router so its configuartion interface doesn't have the tick box you are referring to. So thats why I was asking what happens if no Rules are defined, The default policy is "accept", that is why I was fearing that SPI on IPv6 traffic needs extra activation, although I couldn't find any means for enable/disable.

I want to setup IPv6 for a particular server for VoIP. i.e. one specific pass rule for this prefix on port 5060.

So that's why I was wondering if I can safely turn on IPv6 since I have active stateful packet inspection on IPv6 traffic.