AR-300M16 2.264 how to close port 443 (ShieldsUp!)


after checking with ShieldsUp! the result was open port 443 which suggested a potential vulnerability and should be closed. How can I do that please? It is an AR-300M16 2.264. Please do not suggest to upgrade as this is a stable firmware for my openvpn.

thank you

That you’ve got port 443 open to the public Internet and you don’t know why is concerning. Have you installed or configured a public web server intentionally?

If you’re not intentionally serving web pages over HTTP-S to the public Internet, checking your firewall rules to make sure that 443 is blocked for input from “WAN” would be a wise idea. Checking the configuration for nginx or uhttpd, whichever you’re using for LuCI would be wise as well. In my opinion, it should only “listen” on a protected interface, either a management interface for advanced users, or “LAN” for other users.

(BTW, “Shields Up” is an interesting tool for a quick check, but many security-aware users and professionals find significant fault with its output and the interpretations if the results it provides.)

I have found out that port 443 opens when I set openvpn on router (safervpn). How can I avoid this?

In firewall rules there is no rule for port 443, neither nginx or uhttpd configuration.

I have checked port 443 with other tools too, it is confirmed open.

How can set a rule to block 443 for input from WAN?

Please advise

You can ssh to the router, execute cat /etc/config/firewall. Show the firewall configuration file in here.

Check your OpenVPN config. I would bet that it is set to listen for clients on port 443. Port 443 is commonly used as firewalls at other locations typically do not block the port, at least for TCP.

I have the same issue. The .ovpn doesn’t openly say anything about 443 and there is no listener option in the gui mistakenly activated, and blocking it in the firewall doesn’t work.

OpenVPN TCP connections use Port 443. OpenVPN UDP connections use Port 1194.

OpenVPN may use TCP as a fallback, by default, in case UDP fails.

I do not work for and I do not have formal association with GL.iNet