
DwayneMcVittie
Aug 29, 2015
Solved

Restrictive Firewall settings on R8000

Apologies if this is already answered somewhere else.

I want to apply the most restrictive firewall settings (just open up HTTP and HTTPS) and nothing else but I can't seem to find a way to do this - easily.

In advanced settings under block services I seem to be able to block specific services, but that seems to require me to block every service possible just to leave HTTP and HTTPS open - there must be an easier way.


I'm a little disappointed in how challenging this appears to be (is the default wide-open) and on top of that, to have the default password to be 'password' seems to be inviting attention - of course, it's the first thing I changed, but some people may not be aware of how fundamentally risky this is.

4 Replies

  • Why do you want to do this?  Blocking everything but http and https is probably a really bad idea.  Many websites and services will probably stop working because they will use other ports.  Streaming services, like Netflix, YouTube or even IPTV may break.  If you read email with a desktop application, like Outlook or Thunderbird, then they will stop working.  If you are determined to do this, then read on.

    You can easily block entire ranges of ports using the Block Services feature on your R8000.

    Block Services

    If you truly wanted to allow only http (port 80) and https (port 443), then you would need to block 3 ranges: 1-79, 81-442 and 444-65534.  Good luck!

    • DwayneMcVittie
      Aspirant

      Thanks, I'll try this, I was just being extreme as an example of how restrictive I'd like to be and then to open up to the services I actually need. Really appreciate the fast reply.

      I guess what I need is a canonical list of ports I absolutely need open, I had hoped there would be a default, for example I don't want ssh open and I don't want to respond to pings etc.

      • TheEther
        Guru

        You're welcome.  I'm not really sure, however, how much it will help to block unused outbound ports.  I'm sure a lot of malware is transported through http and https.  All it takes is to visit a malicious website and a virus can be sent back right through port 80.  Don't get led into a false sense of security by blocking ports.  It's more important to block incoming ports, and all consumer routers do that by default.
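
Added example (not part of the original thread and not NETGEAR code): the accepted answer works out the Block Services ranges by hand for ports 80 and 443; this sketch computes them for any allow-list of ports. The function name `block_ranges` and the `max_port` parameter are assumptions made for illustration; 65535 is the highest TCP/UDP port number, and passing `max_port=65534` reproduces the three ranges given in the answer.

```python
from typing import Iterable, List, Tuple, Union

PortSpec = Union[int, Tuple[int, int]]  # a single port or an inclusive (low, high) range
MAX_PORT = 65535                        # highest TCP/UDP port number


def block_ranges(allowed: Iterable[PortSpec],
                 min_port: int = 1,
                 max_port: int = MAX_PORT) -> List[Tuple[int, int]]:
    """Return the inclusive port ranges to block so that only `allowed` stays open."""
    spans = []
    for spec in allowed:
        lo, hi = (spec, spec) if isinstance(spec, int) else spec
        if not (min_port <= lo <= hi <= max_port):
            raise ValueError(f"invalid port or range: {spec!r}")
        spans.append((lo, hi))

    blocked = []
    cursor = min_port  # lowest port not yet classified as allowed or blocked
    for lo, hi in sorted(spans):
        if lo > cursor:
            # Everything between the previous allowed span and this one is blocked.
            blocked.append((cursor, lo - 1))
        # Overlapping or adjacent allowed spans never move the cursor backwards.
        cursor = max(cursor, hi + 1)
    if cursor <= max_port:
        blocked.append((cursor, max_port))
    return blocked


if __name__ == "__main__":
    # Constructed sample input: the HTTP/HTTPS-only case from the thread.
    for lo, hi in block_ranges([80, 443]):
        print(f"block {lo}-{hi}")
```

Each returned tuple corresponds to one range entry in the Block Services form; a longer allow-list simply produces more, smaller ranges.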