The router uses network address translation (NAT) and stateful packet inspection (SPI) firewall to protect your home network.
The NAT and firewall service can be globally (for LAN and all WAN connections) enabled/disabled from the "Setup" -> "Firewall/NAT services" page. If disabled, no NAT functionality nor firewall protection will be provided.
For each WAN connection (e.g. the Internet connection) NAT and firewall can be enabled/disabled. With firewall enabled on a WAN connection all incoming packets are examined by the SPI engine and traffic is dropped if it is not matching an existing connection opened from LAN side or a port forwarding rule.
Connections from LAN side to the Internet are trusted and allowed to pass through the router unless explicit IP filter rules are used to block the LAN traffic. This asymetric permisive firewall setup (drop from WAN, allow from LAN) provides easy to use Internet access while protecting the home network.
