
How do I configure the firewall for my ZTE Experia Box v10 to block outbound communication on specific TCP and UDP ports?

Note: I know how to configure port forwarding to open inbound communication on specific TCP and UDP ports. My question is how to configure/block outbound communication?

On the status page, under the “Advanced” section in the “Firewall” tab I can see that the firewall is on, but how do I configure it?


Regards,

That is not possible on the Experia/KPN Boxes.


Thank you for the quick response.

That’s too bad. I guess I’ll have to look for a private router in that case.

Regards.


What do you want to block outgoing?


Everything that I don’t explicitly want to allow :)


Wow, that is not "the normal way". 

I can imagine that you would like to block particular sites but not all ports.

For blocking sites it might be better to investigate the option of using your own DNS server (like, for example, a Pi-hole).


Sure, the problem is with running potentially rogue IoT devices (e.g. IP cameras, etc.) where there is always a latent risk of them “calling home”, as it were, by communicating information to 3rd parties. These comms don’t always use HTTP but explicit IP addresses, and sometimes they’re quite sophisticated in the way they do discovery and so forth. Essentially, they use custom application-level protocols for discovery and communications on top of UDP and/or TCP. To try to figure this out is all but impossible, so the safest way is to simply block all ports for outbound comms except the relatively small number of well-known ports such as 80 and 443.



In that case I would advise you to use, like me, a more professional router that is capable of using a separate VLAN for your IoT devices and on which you can configure an outbound firewall.

I use an EdgeRouter 4.
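For the setup described in the two posts above (IoT devices on their own VLAN behind an EdgeRouter, outbound allowed only on 80 and 443), here is an added example that is not from anyone in this thread or from Ubiquiti's documentation: an EdgeOS ruleset for an EdgeRouter 4. The VLAN number, interface, addressing and ruleset name are assumptions.

```text
# Added example, not from this thread. EdgeOS (EdgeRouter 4) commands typed in
# 'configure' mode. Assumptions: the IoT devices sit on VLAN 20 tagged on eth1,
# the router's address on that VLAN is 192.168.20.1 and it acts as DNS forwarder,
# and all internal subnets live inside 192.168.0.0/16.
set firewall name IOT_OUT description 'IoT VLAN: default-deny outbound'
set firewall name IOT_OUT default-action drop
set firewall name IOT_OUT enable-default-log

# Replies to flows that were started from elsewhere (e.g. viewing the camera
# from the trusted LAN) are allowed back; the IoT device cannot start anything.
set firewall name IOT_OUT rule 10 description 'established/related'
set firewall name IOT_OUT rule 10 action accept
set firewall name IOT_OUT rule 10 state established enable
set firewall name IOT_OUT rule 10 state related enable

# DNS only to the router itself, never to a third-party resolver the device
# may have hard-coded.
set firewall name IOT_OUT rule 20 description 'DNS to router only'
set firewall name IOT_OUT rule 20 action accept
set firewall name IOT_OUT rule 20 protocol tcp_udp
set firewall name IOT_OUT rule 20 destination address 192.168.20.1
set firewall name IOT_OUT rule 20 destination port 53

# Rules are evaluated in number order, so the block on other internal subnets
# must come before the 80/443 allow, or a camera could still reach a LAN web UI.
set firewall name IOT_OUT rule 30 description 'no lateral traffic to other LANs'
set firewall name IOT_OUT rule 30 action drop
set firewall name IOT_OUT rule 30 destination address 192.168.0.0/16

# The small allow-list from the thread: 80 and 443, and only over TCP.
set firewall name IOT_OUT rule 40 description 'HTTP/HTTPS to the internet'
set firewall name IOT_OUT rule 40 action accept
set firewall name IOT_OUT rule 40 protocol tcp
set firewall name IOT_OUT rule 40 destination port 80,443

# Attach as 'in' on the VLAN interface: 'in' here means traffic entering the
# router from the IoT devices, i.e. their outbound traffic. Attaching it 'out'
# on the WAN interface instead would also apply to every other LAN.
set interfaces ethernet eth1 vif 20 firewall in name IOT_OUT
commit
save

# Check what the default drop is catching (operational mode):
# show firewall name IOT_OUT statistics
```

Every flow the default action drops is logged, so a new device's “calling home” attempts show up in the firewall log before you decide whether to allow them.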



Thank you very much! That sounds like the best plan.


@arpnl FYI, I have an EdgeRouter 12 for sale on Marktplaats. Even more powerful than an EdgeRouter 4, and it also has a built-in 7-port switch. The more powerful EdgeRouters (4 and 12) are hard to find nowadays. ;-)


It’s actually an 8-port switch, oops. ;-)


It is not even a switch but 8 separate LAN ports that can't be combined into one network other than by bridging, which has a dramatic impact on throughput.

I would strongly advise choosing the EdgeRouter 4.


That’s not true; the first eight ports of the EdgeRouter 12 actually are switched. It has a built-in switch chip allowing full throughput between those ports; no bridging needed (like the EdgeRouter X). The ninth and tenth RJ45 ports are not part of the switch group (and neither are the two SFP ports). ;-)

For home use, the EdgeRouter 12 is more practical than the 4.


My bad ... you're right, I had the EdgeRouter 8P in mind.


Please note that the switch functionality of the EdgeRouters does not support IGMP snooping. So if you have KPN TV, make sure the set-top boxes are not connected through the switch of the EdgeRouter.


😁 The switch indeed doesn’t support IGMP snooping, but as long as you create a VLAN for IPTV that won’t be a problem (the switch is VLAN-aware, so you can simply set a different PVID for that port; if you use multiple STBs, make sure to connect them behind a switch that does support IGMP snooping, like a NETGEAR GS105Ev2, or create a VLAN for each STB and configure them as downstream IGMP proxy interfaces).