I have a PC connected to the LAN port of a modem, and my goal is to make it as secure as possible, allowing ONLY Synology and MQTT to work. In order to do this, I’ve set up four traffic rules on the modem in the following order:
1. Block all incoming traffic from any host in any zone to any host in lan
2. Allow outgoing traffic from any host in lan to a specific IP address through port 6690 (for Synology) in wan
3. Allow outgoing traffic from any host in lan to any host in wan through port 8883 (for secure MQTT)
4. Block all outgoing traffic from any host in lan to any host in wan
Even though I’ve blocked all incoming, I still have internet access. The reason for this is rule no. 3.
Any ideas how I can achieve what I want, as mentioned initially?