by anonymous

I have a PC connected to the LAN port of a modem and my goal is to make it as secure as possible, allowing ONLY Synology and MQTT to work. In order to do this, I’ve set up four traffic rules on the modem in the following order:

1. Block all incoming traffic from any host in any zone to any host in lan
2. Allow outgoing traffic from any host in lan to a specific IP address through port 6690 (for Synology) in wan
3. Allow outgoing traffic from any host in lan to any host in wan through port 8883 (for secure MQTT)
4. Block all outgoing traffic from any host in lan to any host in wan

Even though I’ve blocked all incoming, I still have internet access. The reason for this is rule no. 3.

Any ideas how I can achieve what I want, as mentioned initially?

1 Answer

0 votes
by anonymous

Hello,

From an SSH or CLI console, enter the rules in the order below:

1+4) iptables -P FORWARD DROP
2) iptables -I FORWARD -i br-lan -p tcp -d synology_server --dport 6690 -j ACCEPT
3) iptables -I FORWARD -i br-lan -p tcp --dport 8883 -j ACCEPT

Put the commands in the custom rules section of the firewall if you are satisfied.

Regards,
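The following is an added example, not code from the answer above or from Teltonika. It models how iptables evaluates the FORWARD chain (first matching rule wins, otherwise the chain policy applies) and replays the answer's three commands as data, so the effect of the default-drop allow-list and of `-I` prepending can be checked against constructed sample flows without touching a live router. The address assigned to SYNOLOGY is a constructed stand-in for the answer's `synology_server` placeholder, and the other addresses are constructed documentation-range values.

```python
"""Model of iptables first-match evaluation for the FORWARD chain.

Added example, not part of the original answer. The answer's commands
(policy DROP, then two -I insertions) are reproduced as data and sample
flows from the LAN are evaluated against them. SYNOLOGY is a constructed
stand-in for the answer's synology_server placeholder.
"""
from dataclasses import dataclass, field
from typing import Optional

SYNOLOGY = "203.0.113.10"   # constructed stand-in for synology_server


@dataclass(frozen=True)
class Rule:
    """One iptables rule; None means the match option was not given."""
    target: str                      # -j ACCEPT / DROP
    in_iface: Optional[str] = None   # -i
    proto: Optional[str] = None      # -p
    dst: Optional[str] = None        # -d
    dport: Optional[int] = None      # --dport

    def matches(self, pkt: dict) -> bool:
        wanted = (("in", self.in_iface), ("proto", self.proto),
                  ("dst", self.dst), ("dport", self.dport))
        return all(v is None or pkt[k] == v for k, v in wanted)

    def as_iptables(self) -> str:
        """Render the rule roughly as iptables -S would list it."""
        parts = ["-A FORWARD"]
        if self.in_iface is not None:
            parts.append(f"-i {self.in_iface}")
        if self.proto is not None:
            parts.append(f"-p {self.proto}")
        if self.dst is not None:
            parts.append(f"-d {self.dst}")
        if self.dport is not None:
            parts.append(f"--dport {self.dport}")
        parts.append(f"-j {self.target}")
        return " ".join(parts)


@dataclass
class Chain:
    policy: str = "ACCEPT"                      # iptables -P
    rules: list = field(default_factory=list)

    def insert(self, rule: Rule) -> None:       # iptables -I: rule goes to the top
        self.rules.insert(0, rule)

    def append(self, rule: Rule) -> None:       # iptables -A: rule goes to the bottom
        self.rules.append(rule)

    def verdict(self, pkt: dict) -> str:
        """First matching rule wins; otherwise the chain policy applies."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy

    def listing(self) -> list:
        """Policy plus rules in evaluation order."""
        return [f"-P FORWARD {self.policy}"] + [r.as_iptables() for r in self.rules]


def build_chain() -> Chain:
    """The answer's three commands, entered in the order given."""
    chain = Chain(policy="DROP")                                   # 1+4) -P FORWARD DROP
    chain.insert(Rule("ACCEPT", "br-lan", "tcp", SYNOLOGY, 6690))  # 2)
    chain.insert(Rule("ACCEPT", "br-lan", "tcp", None, 8883))      # 3) ends up on top
    return chain


def flow(dst: str, dport: int, proto: str = "tcp", in_iface: str = "br-lan") -> dict:
    """A forwarded packet from the LAN, reduced to the fields the rules inspect."""
    return {"in": in_iface, "proto": proto, "dst": dst, "dport": dport}


def verdicts() -> dict:
    """Verdict per constructed sample flow leaving the LAN."""
    chain = build_chain()
    samples = {
        "synology_6690": flow(SYNOLOGY, 6690),
        "mqtt_8883_any_host": flow("198.51.100.7", 8883),
        "https_443": flow("198.51.100.7", 443),               # ordinary web browsing
        "synology_other_port": flow(SYNOLOGY, 443),
        "udp_8883": flow("198.51.100.7", 8883, proto="udp"),  # rule says -p tcp
        "external_dns_53": flow("198.51.100.53", 53, proto="udp"),
    }
    return {name: chain.verdict(p) for name, p in samples.items()}


if __name__ == "__main__":
    for line in build_chain().listing():
        print(line)
    for name, result in verdicts().items():
        print(f"{name:22} {result}")
```

The listing shows why the answer says to enter the commands in that order: each `-I` prepends, so rule 3 sits above rule 2, which is harmless here because both accept, but matters whenever an ACCEPT and a DROP overlap. The `external_dns_53` sample shows a side effect of the default-drop policy worth knowing about: DNS queries sent from the PC directly to an external resolver are dropped too, so the MQTT broker must be addressed by IP or an explicit rule for the resolver must be added. The model ignores connection tracking, so return packets of accepted connections are not represented.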