Restrictive Firewall settings on R8000

DwayneMcVittie · ‎2015-08-29

Apologies if this is already answered somewhere else.

I want to apply the most restrictive firewall settings (just open up HTTP and HTTPS) and nothing else but I can't seem to find a way to do this - easily

In advanced settings under block services I seem to be able to block specific services, but that seems to require me to block every service possible just to leave HTTP and HTTPS open - there must be an easier way.

I'm a little disapointed in how challenging this appears to be (is the default wide-open) and on top of that, to have the default password to be 'password' seems to be inviting attention - of course, it's the first thing I changed, but some people may not be aware of how fundamentally risky this is.

TheEther · ‎2015-08-29

Why do you want to do this? Blocking everything but http and https is probably a really bad idea. Many websites and services will probably stop working because they will use other ports. Streaming services, like Netflix, Youtube or even IPTV may break. If you read email with a desktop application, like Outlook or Thunderbird, then they will stop working. If you are determined to do this, then read on.

You can easily block entire ranges of ports using the Block Services feature on your R8000.

If you truly wanted to allow only http (port 80) and https (port 443), then you would need to block 3 ranges: 1-79, 81-442 and 444-65534. Good luck!

View solution in original post

TheEther · ‎2015-08-29

Why do you want to do this? Blocking everything but http and https is probably a really bad idea. Many websites and services will probably stop working because they will use other ports. Streaming services, like Netflix, Youtube or even IPTV may break. If you read email with a desktop application, like Outlook or Thunderbird, then they will stop working. If you are determined to do this, then read on.

You can easily block entire ranges of ports using the Block Services feature on your R8000.

If you truly wanted to allow only http (port 80) and https (port 443), then you would need to block 3 ranges: 1-79, 81-442 and 444-65534. Good luck!

DwayneMcVittie · ‎2015-08-29

Thanks, I'll try this, I was just being extreme to as an example of how restrictive I'd like to be and then to open up to the services I actually need. Really appreciate the fast reply.

I guess what I need is a canonical list of ports I absolutely need open, I had hoped there would be a default, for example I don't want ssh open and I don't want to respond to pings etc.

TheEther · ‎2015-08-29

You're welcome. I'm not really sure, however, how much it will help to block unused outbound ports. I'm sure a lot of malware is transported through http and https. All it takes is to visit a malicious website and a virus can be sent back right through port 80. Don't get led into a false sense of security by blocking ports. It's more important to block incoming ports, and all consumer routers do that by default.

DwayneMcVittie · ‎2015-08-29

Thanks again, I didn't realize that blocking the incoming ports was done by default - I feel much better knowing that

Restrictive Firewall settings on R8000

Restrictive Firewall settings on R8000

Re: Restrictive Firewall settings on R8000

Re: Restrictive Firewall settings on R8000

Re: Restrictive Firewall settings on R8000

Re: Restrictive Firewall settings on R8000

Re: Restrictive Firewall settings on R8000