Out of the box, your Opengear device runs a stateful netfilter/iptables firewall with a default deny input policy. A firewall ruleset is automatically built and installed based on enabled features and per-interface service access policy.
At a high level, per-interface access through the firewall is configured under System -> Services -> Service Access. You may also use custom firewall rules under System -> Firewall -> Firewall Rules for more granular control, e.g. to restrict connections to those originating from a trusted source network.
Rule order is important as packets fall through the firewall chains top to bottom, until they hit a matching rule that allows or blocks.
Custom Firewall Rules are inserted before system rules and Service Access rules. It is important that you do not manually add a custom "block all" rule as this will break connection tracking (system rule) and impair functionality.
Moreover, the input policy ends with a "block all" rule by default, so the solution is to disable the relevant Service Access rules so they are not matched, and unwanted packets fall through to the default "block all" rule.
The configured firewall ruleset in iptables-restore format is available in the filesystem at /etc/config/fw.rules (IPv4) and /etc/config/fwipv6.rules (IPv6).
You can also view rules with the standard iptables commands:
iptables -t filter -L -v
iptables -t mangle -L -v
iptables -t nat -L -v
ip6tables -t filter -L -v
ip6tables -t mangle -L -v
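The following added example (not Opengear code) checks a ruleset in iptables-restore format for the problem described above: an unconditional "block all" rule that sits ahead of other rules, including the connection-tracking rule, so that everything after it can never match. It assumes rules appear as "-A <chain> ..." lines inside a "*filter" table and that the input chain is named INPUT; the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example, not Opengear code. Assumes rules are "-A <chain> ..." lines
# inside a "*filter" table and that the input chain is named INPUT.

# Usage on the device: audit_chain INPUT < /etc/config/fw.rules
# Exit 0 if the only unconditional DROP/REJECT is the last rule, else 1.
audit_chain() {
    awk -v chain="${1:-INPUT}" '
        /^\*/ { in_filter = ($0 == "*filter"); next }
        !in_filter || $1 != "-A" || $2 != chain { next }
        {
            pos++
            if (blocked) { shadowed++; next }   # rules after a block-all never match
            body = $0
            sub(/^-A[ \t]+[^ \t]+[ \t]*/, "", body)   # strip "-A <chain>"
            if (body ~ /^-j (DROP|REJECT)([ \t]|$)/) {
                blocked = pos; ct_before = ct
            } else if (body ~ /ESTABLISHED/ && body ~ /-j ACCEPT/) {
                ct = 1                          # connection-tracking accept seen
            }
        }
        END {
            if (blocked && shadowed) {
                printf "FINDING block_all_at=%d shadowed=%d conntrack_before=%s\n", blocked, shadowed, (ct_before ? "yes" : "no")
                exit 1
            }
            printf "OK rules=%d\n", pos
        }
    '
}

# Constructed sample ruleset: a custom allow rule from a trusted network,
# then system rules. "bad" adds a custom block-all as the second rule.
sample_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT'
    [ "$1" = bad ] && printf '%s\n' '-A INPUT -j DROP'
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT' \
        '-A INPUT -j DROP' 'COMMIT'
}
```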
Custom iptables commands
Advanced users may install persistent rules using arbitrary iptables commands by adding them to the /etc/config/scripts/firewall-post file. This is a shell script that is run after fw*.rules are installed.