Blocking all ports except the basic ones

Hi. I need to block all my ports that have access to the internet, except for TCP 443, TCP 80, TCP 53 (DNS) and TCP 67 (DHCP, not sure if needed).

Can someone help me out with this?
I've tried creating this in LuCI: I created a rule that blocks everything, placed it at the top, then placed the rules that allow said ports at the bottom, and I still can't access the Internet. What can I do?

Thanks

You have to put the rule that blocks everything at the bottom. Otherwise no other rule will ever get processed.

Also, for DHCP you need UDP ports 67 and 68, while for DNS you need UDP port 53.

1 Like
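The ordering described in the reply above, as an added example that is not part of the original posts: a fragment for `/etc/config/firewall` in which the allow rules come first and the catch-all reject comes last, since rules are matched top to bottom and the first match wins. The zone names `lan` and `wan` are assumed to be the OpenWrt defaults, and the rule names are made up for illustration.

```uci
# Added example. Assumes the default 'lan' and 'wan' zones, with the
# lan zone's input policy left at ACCEPT. Under that assumption, DHCP
# (UDP 67/68) and DNS queries sent to the router itself are input
# traffic and are not affected by the lan -> wan rules below.

config rule
	option name 'Allow-LAN-Web'          # hypothetical rule name
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_port '80 443'
	option target 'ACCEPT'

config rule
	option name 'Allow-LAN-HTTP3'        # optional: HTTP/3 (QUIC) uses UDP 443
	option src 'lan'
	option dest 'wan'
	option proto 'udp'
	option dest_port '443'
	option target 'ACCEPT'

config rule
	option name 'Allow-LAN-DNS'          # only needed if clients query
	option src 'lan'                     # resolvers on the internet directly
	option dest 'wan'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

# Catch-all: must stay the LAST lan -> wan rule. Placed above the
# allow rules it matches every packet first and the allows are never
# reached, which is the "can't access the Internet" symptom.
config rule
	option name 'Reject-LAN-Other'
	option src 'lan'
	option dest 'wan'
	option proto 'all'
	option target 'REJECT'
```

In LuCI the same order is obtained by dragging the reject rule below the allow rules on the Traffic Rules tab before saving and applying.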

You also need UDP 443 for HTTP/3.

Why? What is your expected outcome/aim from doing this?

3 Likes

“Access to internet”? Do you mean access to the internet from the LAN or access from the internet to the router?
Because unless you have done something spectacularly stupid like opening the firewall to begin with, this is the default setup to begin with. Except for the even more stupid thing of opening 443, 80 and 53 from the internet!

1 Like

Please continue the conversation in the original thread.

1 Like