# Firewall Settings

## Firewall Zones <a href="#firewall-zones" id="firewall-zones"></a>

The firewall can collect interfaces into zones to filter traffic logically. A zone can be configured to any set of interfaces. This simplifies the firewall rule logic somewhat by conceptually grouping the interfaces:

* A rule for a packet originating in a zone must enter the extender on one of the zone's interfaces,
* A rule for a packet being forwarded to a zone must be exiting the extender on one of the zone's interfaces.

After accessing the admin, go to `Network` > `Firewall` to enter the `Firewall - Zone Settings`.The `SYN-flood protection` is enabled by default. You can use the default firewall zone settings below in most conditions.

<figure><img src="https://965772593-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lx_t9df5OXiii0kaJ6x%2F-LxegQqqJ83AJN3WWLj1%2F-LxegeTg6jI9vYHaLu7t%2Fimage.png?alt=media&#x26;token=aa1a8b99-1c77-4b2a-b3e8-73fa6c6693e0" alt=""><figcaption><p>Default firewall zone settings</p></figcaption></figure>

## Port Forwards <a href="#port-forwards" id="port-forwards"></a>

Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another. Port Forwarding allows remote computers to connect the WiFi extender within a private local-area network (LAN).

Log in to the admin, go to `Network` > `Firewall` > Click the tab `Port Forwards` to enter the configure section.

1. Click the button `Add`
2. `Name` : Enter the reference name. e.g., *Test*
3. `Protocol`: Select from `TCP`, `UDP`, and `TCP+UDP`
4. `External zone` : Select `WAN`
5. `External port` : Set the port number you want to access from the external network
6. `Internal zone` : Select `LAN`
7. `Internal IP Address` Select from the connected intranet hosts
8. `Internal port` : Choose the port number that needs to be forwarded from the intranet host
9. Click the button `Save & Apply`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://extender.router.works/ezr13/advanced/firewall-settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.