Block everything outgoing EXCEPT 443 & 853

Any way to close all connections to all ports (outbound) except 443 (HTTPS) and 853 (DOT)?

I need to implement this on my guest network to avoid abuse (like torrents etc.) that can create problems for me.

GL.iNet GL-MT6000
OpenWRT 25.12.0 (r32713-f919e7899d)

One method would be to remove the forwarding from guest to wan, and then add a traffic rule from guest to wan, only accepting destination ports 443 and 853.

I’m not sure the resulting network would be worth using, but that’s the general idea.

1 Like
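The method from the reply above, as an added example that is not part of the thread: a script that reads `uci show firewall` output and prints the `uci batch` commands to delete the guest-to-wan forwarding and add the port-restricted accept rule. The zone names `guest` and `wan`, the rule name, TCP-only matching, and a default forward policy of REJECT are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Zone names are assumptions.
GUEST_ZONE="${GUEST_ZONE:-guest}"
WAN_ZONE="${WAN_ZONE:-wan}"
ALLOWED_PORTS="${ALLOWED_PORTS:-443 853}"  # space-separated, as dest_port expects

# Constructed sample of `uci show firewall` output, for an offline dry run.
sample_cfg() {
    cat <<'EOF'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='guest'
firewall.@forwarding[1].dest='wan'
EOF
}

# Reads `uci show firewall` on stdin, prints commands for `uci batch`.
guest_lockdown_batch() {
    cfg=$(cat)
    doomed=""
    # Indexes of forwardings whose src is the guest zone (ascending order).
    for i in $(printf '%s\n' "$cfg" |
        sed -n "s/^firewall\.@forwarding\[\([0-9]*\)]\.src='$GUEST_ZONE'\$/\1/p"); do
        # Keep only those that also point at the WAN zone; prepend so the
        # highest index is deleted first and lower indexes stay valid.
        if printf '%s\n' "$cfg" |
            grep -qx "firewall\.@forwarding\[$i]\.dest='$WAN_ZONE'"; then
            doomed="$i $doomed"
        fi
    done
    for i in $doomed; do
        echo "delete firewall.@forwarding[$i]"
    done
    # Accept rule for the permitted ports only. TCP-only is an assumption:
    # the thread names ports, not protocols.
    echo "add firewall rule"
    echo "set firewall.@rule[-1].name='Guest-HTTPS-DoT-only'"
    echo "set firewall.@rule[-1].src='$GUEST_ZONE'"
    echo "set firewall.@rule[-1].dest='$WAN_ZONE'"
    echo "set firewall.@rule[-1].proto='tcp'"
    echo "set firewall.@rule[-1].dest_port='$ALLOWED_PORTS'"
    echo "set firewall.@rule[-1].target='ACCEPT'"
}

# Dry run:   sample_cfg | guest_lockdown_batch
# On router: uci show firewall | guest_lockdown_batch | uci batch
#            uci commit firewall && service firewall reload
```

Review the dry-run output before piping it into `uci batch`; with only these two ports open, guests can resolve names only through the router's own DNS or a DoT resolver.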

As @dave14305 says, the resulting network would not be worth using.
Perhaps not even providing a guest network is the correct path.

If you are providing a guest network for members of the public, most jurisdictions/countries have anti-abuse regulations, privacy regulations and anti-criminal/terrorist regulations for "Service Providers" - that is, potentially you. So yes, it can create problems for you.

The answer is to provide a captive portal, where you can satisfy regulations and legally pass responsibility for abuse to the end user.

For OpenWrt, I would recommend the OpenNDS package.
This package is designed to provide required legal compliance for any jurisdiction, pretty much by default.

But it also provides user quotas and fair usage policies where if a user exceeds a configured data volume, their data rates will be throttled.

Sounds complicated, but by default, it is not. Just simple config options to set for a working system.

2 Likes