Hi All,
Yesterday I received an ERL and proceeded to set it up. I can't remember which option I tried but I couldn't get internet access. In the end I had to disable the firewall to get internet connectivity and configure what I could manually. I'm very new at this and I admit that I am extremely overwhelmed to the point of wanting to send the thing back.
After getting the IP addresses and stuff sorted last night I opted to tackle the firewall today. I found a guide to set up a simple firewall which I followed. Basically it drops 'unsolicited' packets and allows traffic 'asked for' by devices on the LAN through. See below for what I hope are the firewall rules from the config:
firewall {
    name WAN_IN {
        default-action drop
        description ""
        enable-default-log
        rule 1 {
            action accept
            description "Allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description ""
        enable-default-log
        rule 1 {
            action accept
            description "Allow established sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
I've also set up UPnP and some NAT stuff which is working fine. As expected it works better than the ISP provided router I had before this. However the problem I want to fix is remote management being available from the WAN/PPPoE interface. My network is as follows:
Fibre ONT modem (WAN)
WAN connection is a PPPoE connection via eth0.
LAN goes through eth1 to an unmanaged gigabit switch
eth2 not in use.
A port scan of my public IP shows the following ports as being open:
Open TCP Port: 22
Open TCP Port: 53
Open TCP Port: 80
Open TCP Port: 443
In my search for a fix I found a thread here which suggested the following:
configure
set service gui listen-address <lan ip address>
commit
save
exit
This blocks me from accessing the GUI control panel and I have to use the reset button.
Quite frankly I am tearing my hair out here. I managed to get NAT and UPnP working for myself today but this is getting to me. I should be able to do this. I'm not the sharpest knife in the drawer but I should be able to get this sorted without having to holler at friends who do this for a living to help in their off hours.
So to sum up I basically want to be 'invisible' to anyone having a sniff at my internet IP. For now I'll settle with blocking access to remote management and preferably not responding to external ping commands. In an ideal world I would like to be completely 'incognito' but I accept that's probably beyond my ability at the moment.
I would prefer to stay out of the command line if possible but I accept that I might have to. It's worth pointing out that the default login doesn't exist anymore and that the IP assigned by my ISP isn't static. For all the stress it's causing me I like the router and I like the fact it's the first box I've had that doesn't make GTA Online have a fit!
Please keep things as simple as possible. I will do my best to keep up.
Thank you
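The config pasted above defines WAN_IN and WAN_LOCAL but shows nothing attaching them to the PPPoE interface (the interfaces section isn't in the post), and open ports 22, 80 and 443 on the public IP are exactly what an unattached WAN_LOCAL looks like. The EdgeOS CLI session below is an added example, not something from the post or from Ubiquiti; it assumes the LAN side of the router (eth1) is 192.168.1.1 and that TCP 53 is the router's own DNS forwarder, which is the usual reason for that port on an ERL. Replace the address with whatever the router itself holds on eth1.

```text
# Added example, not from the original post. Assumed LAN address: 192.168.1.1 on eth1.
# Typed at the EdgeOS CLI (SSH from the LAN, or the CLI button in the web GUI).
configure

# 1. Attach the two rulesets that already exist in the config to the PPPoE link.
#    WAN_IN  = traffic passing through the router towards the LAN
#    WAN_LOCAL = traffic aimed at the router itself (SSH, GUI, DNS, ping)
#    Both have default-action drop, so once attached, unsolicited probes and
#    ping from the internet get no reply, and enable-default-log records them.
set interfaces ethernet eth0 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth0 pppoe 0 firewall local name WAN_LOCAL

# 2. Belt and braces: bind management to the LAN address only.
#    This must be an address the router itself owns on eth1, not a PC's address.
set service gui listen-address 192.168.1.1
set service ssh listen-address 192.168.1.1

# 3. Keep the DNS forwarder off the WAN side (this is what port 53 most likely was).
set service dns forwarding listen-on eth1

commit
save
exit
```

After `commit`, `show firewall name WAN_LOCAL statistics` should show the default-drop counter climbing as soon as anything on the internet knocks, and a fresh external port scan should report all four ports as filtered rather than open. The earlier `listen-address` attempt most likely locked you out because the address given wasn't one the router holds on eth1; step 1 alone closes the ports from the WAN, so steps 2 and 3 are a second layer, not the only thing keeping management private.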