How to block outgoing ports?

I wanna close ALL outgoing ports except 443, 123, 853. How to block ALL except these ones?

Why: to avoid abuse of my network as much as possible.

This can be achieved in luci (advanced settings) like so:

Navigate to luci -> network -> firewall -> traffic rules (it is a tab).

Scroll down and add a new traffic rule.

The rule should look like:

! is a special operator in luci, which means NOT, so basically it comes down to a boolean: Everything but NOT these ports.

However, you might want to add a rule above this one so that the router is allowed to obtain pppoe or dhcp from the isp: the source zone should be this device, the destination zone wan, and the destination ports just left empty.

If a vpn is involved, you need to make another rule with the destination zone and destination port just like the wan one, but for the vpn zone instead of wan.

What it does not do is stop abuse on the network from client to client; it only restricts the ports from client to the internet.

However, even without this rule, all unsolicited network traffic gets blocked; this is how firewalls work:

Only if the client sends a packet is the other line allowed to respond on this same line, but if the communication started from the other end it gets blocked, so abuse from outside to your network inside is blocked.

In multiplayer games this is often why you join a lobby or a server list first: this server then functions as the middle person, allowing you to punch a hole to join other servers and contact players. With peer to peer it also kind of works like that; it's called hole punching. The reason why some games ask for a port forward is only if you are alone or hosting a server.

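The same policy written for the command line as explicit allow rules followed by a catch-all reject, instead of the negated-port rule described in the answer; this is an added example, not part of the original posts. It assumes the default OpenWrt zone names `lan` and `wan`, and the protocol paired with each port is an assumption.

```shell
#!/bin/sh
# Added example. Generates `uci batch` commands that let LAN clients reach
# only the listed WAN destination ports and reject everything else.
# Assumed: zones 'lan'/'wan'; protocols per port (HTTPS/QUIC, NTP, DNS-over-TLS).
ALLOWED="443:tcp 443:udp 123:udp 853:tcp"   # port:proto pairs

emit_rule() {   # $1=name $2=proto $3=target $4=dest_port (optional)
    echo "add firewall rule"
    echo "set firewall.@rule[-1].name='$1'"
    # src + dest both set => forward rule; the router's own traffic is not matched
    echo "set firewall.@rule[-1].src='lan'"
    echo "set firewall.@rule[-1].dest='wan'"
    echo "set firewall.@rule[-1].proto='$2'"
    if [ -n "${4:-}" ]; then
        echo "set firewall.@rule[-1].dest_port='$4'"
    fi
    echo "set firewall.@rule[-1].target='$3'"
}

gen_rules() {   # $1 = space-separated port:proto list
    # Validate everything first so a bad entry never yields a partial rule set.
    for entry in $1; do
        port=${entry%%:*}; proto=${entry##*:}
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $entry" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $entry" >&2; return 1
        fi
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad proto: $entry" >&2; return 1 ;;
        esac
    done
    for entry in $1; do
        emit_rule "Allow-Out-${entry##*:}-${entry%%:*}" "${entry##*:}" ACCEPT "${entry%%:*}"
    done
    # Rules are matched in order, so the catch-all reject must come last.
    emit_rule "Reject-Out-Other" all REJECT
    echo "commit firewall"
}

# Changes the router only when run on a device with uci and passed --apply.
if [ "${1:-}" = "--apply" ] && command -v uci >/dev/null 2>&1; then
    gen_rules "$ALLOWED" | uci batch && /etc/init.d/firewall reload
fi
```

Run without arguments, the script changes nothing; calling `gen_rules "$ALLOWED"` prints the commands so they can be reviewed before applying.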