I've been reading about making my router as secure as possible.
harden the Linux kernel, disable all LAN traffic, change ssh port, super secure root and admin passwords, etc.
My question: how can I disable all open ports, except 22, 80, 443 and 1194. BTW, does port 1194 need to be open for my VPN to work or can I route all traffic through that port only? Goal is to disable unauthorized scripts, attacks, etc from taking over the router.
Is it worth it to install seccomp and isolate only those processes that control the WAN?
How can I disable output ports that allow, for example, a keylogger to send all of my keystrokes to a web address on an unused port? Is that even possible?
Finally, is there any tool that monitors what ip address you're connected to and only allows data to be sent to that IP and drops everything else? Say, I'm watching a youtube video on whatever ip but a keylogger is sending my HDD contents to some ip that is not youtube. Any way to stop that?
That would be however a quite tedious task to do. For instance, in order to allow YouTube to function, you have to allow tons of 3rd party websites to work, as shown in this screenshot.
