Question

How to block outbound communication on specific TCP and UDP ports on the ZTE Experia Box v10?

  • 20 January 2023
  • 14 replies
  • 411 views

How do I configure the firewall for my ZTE Experia Box v10 to block outbound communication on specific TCP and UDP ports?

Note: I know how to configure port forwarding to open inbound communication on specific TCP and UDP ports. My question is how to configure/block outbound communication?

On the status page, under the “Advanced” section in the “Firewall” tab, I can see that the firewall is on, but how do I configure it?

 

Regards,

This topic is closed. If your answer is not listed here, use the Community search function or ask your question in a new topic.

14 replies

wjb
Superuser
  • 74646 replies
  • 20 January 2023

That is not possible on the Experia/KPN Boxes.


  • Author
  • Participant
  • 4 replies
  • 20 January 2023

Thank you for the quick response.

That’s too bad. I guess I’ll have to look for a private router in that case.

Regards.


wjb
Superuser
  • 74646 replies
  • 20 January 2023

What do you want to block outgoing?


  • Author
  • Participant
  • 4 replies
  • 20 January 2023

Everything that I don’t explicitly want to allow :)


wjb
Superuser
  • 74646 replies
  • 20 January 2023

Wow, that is not "the normal way".

I can imagine that you would like to block particular sites but not all ports.

For blocking sites it might be better to investigate the option of using your own DNS server (like, for example, a Pi-hole).


  • Author
  • Participant
  • 4 replies
  • 20 January 2023

Sure, the problem is with running potentially rogue IoT devices (e.g. IP cameras, etc.) where there is always a latent risk of them “calling home”, as it were, by communicating information to 3rd parties. These comms don’t always use HTTP but explicit IP addresses, and sometimes they’re quite sophisticated in the way they do discovery and so forth. Essentially, they use custom application-level protocols for discovery and communications on top of UDP and/or TCP. To try to figure this out is all but impossible, so the safest way is to simply block all ports for outbound comms except the relatively small number of well-known ports such as 80 and 443.

 


wjb
Superuser
  • 74646 replies
  • 20 January 2023

In that case I would advise you to use, like me, a more professional router that is capable of using a separate VLAN for your IoT devices and on which you can configure an outbound firewall.

I use an EdgeRouter 4.
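
The setup recommended in the reply above (a separate IoT VLAN with a default-deny outbound firewall), sketched in EdgeOS CLI as an added example that is not part of the original thread. The interface `eth1`, VLAN ID 30, the 192.168.30.0/24 subnet, the ruleset and group names, and the router itself serving DHCP and DNS to the VLAN are all assumptions.

```edgeos
configure

# IoT VLAN (assumed: VLAN 30 on eth1, router address 192.168.30.1)
set interfaces ethernet eth1 vif 30 description "IoT"
set interfaces ethernet eth1 vif 30 address 192.168.30.1/24

# Private ranges, so IoT devices cannot reach the other local networks
set firewall group network-group RFC1918 network 10.0.0.0/8
set firewall group network-group RFC1918 network 172.16.0.0/12
set firewall group network-group RFC1918 network 192.168.0.0/16

# Traffic from IoT devices routed THROUGH the router. "in" is relative to
# the router interface, so this is the devices' outbound path.
set firewall name IOT_IN description "IoT egress: default deny"
set firewall name IOT_IN default-action drop
set firewall name IOT_IN enable-default-log
set firewall name IOT_IN rule 10 description "Replies to connections opened from elsewhere"
set firewall name IOT_IN rule 10 action accept
set firewall name IOT_IN rule 10 state established enable
set firewall name IOT_IN rule 10 state related enable
set firewall name IOT_IN rule 15 description "No new connections to local networks"
set firewall name IOT_IN rule 15 action drop
set firewall name IOT_IN rule 15 destination group network-group RFC1918
set firewall name IOT_IN rule 20 description "Allow HTTP/HTTPS only"
set firewall name IOT_IN rule 20 action accept
set firewall name IOT_IN rule 20 protocol tcp
set firewall name IOT_IN rule 20 destination port 80,443

# Traffic from IoT devices TO the router itself: only DHCP and DNS
set firewall name IOT_LOCAL description "IoT to router: DHCP and DNS only"
set firewall name IOT_LOCAL default-action drop
set firewall name IOT_LOCAL rule 10 description "DHCP"
set firewall name IOT_LOCAL rule 10 action accept
set firewall name IOT_LOCAL rule 10 protocol udp
set firewall name IOT_LOCAL rule 10 destination port 67
set firewall name IOT_LOCAL rule 20 description "DNS"
set firewall name IOT_LOCAL rule 20 action accept
set firewall name IOT_LOCAL rule 20 protocol tcp_udp
set firewall name IOT_LOCAL rule 20 destination port 53

set interfaces ethernet eth1 vif 30 firewall in name IOT_IN
set interfaces ethernet eth1 vif 30 firewall local name IOT_LOCAL

commit
save
```

With `enable-default-log` set, packets dropped by the default action are written to the router's log, which shows what each device tries to reach on ports other than 80 and 443.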

 


  • Author
  • Participant
  • 4 replies
  • 20 January 2023

Thank you very much! That sounds like the best plan.


  • Smarty
  • 99 replies
  • 21 January 2023

@arpnl FYI, I have an EdgeRouter 12 for sale on Marktplaats. Even more powerful than an EdgeRouter 4, and also has a built-in 7-port switch. The more powerful EdgeRouters (4 and 12) are hard to find nowadays. ;-)


  • Smarty
  • 99 replies
  • 21 January 2023
JorisV. wrote:

@arpnl FYI, I have an EdgeRouter 12 for sale on Marktplaats. Even more powerful than an EdgeRouter 4, and also has a built-in 7-port switch. The more powerful EdgeRouters (4 and 12) are hard to find nowadays. ;-)

It’s actually an 8-port switch, oops. ;-)


wjb
Superuser
  • 74646 replies
  • 21 January 2023
JorisV. wrote:

It’s actually an 8-port switch, oops. ;-)

It is not even a switch but 8 separate LAN ports that can't be combined into one network other than by bridging, which has a dramatic impact on throughput.

I would strongly advise choosing the EdgeRouter 4.


  • Smarty
  • 99 replies
  • 21 January 2023
wjb wrote:
JorisV. wrote:

It’s actually an 8-port switch, oops. ;-)

It is not even a switch but 8 separate LAN ports that can't be combined into one network other than by bridging, which has a dramatic impact on throughput.

I would strongly advise choosing the EdgeRouter 4.

That’s not true; the first eight ports of the EdgeRouter 12 actually are switched. It has a built-in switch chip allowing full throughput between those ports; no bridging needed (like the EdgeRouter X). The ninth and tenth RJ45 ports are not part of the switch group (and neither are the two SFP ports). ;-)

For home use, the EdgeRouter 12 is more practical than the 4.


wjb
Superuser
  • 74646 replies
  • 21 January 2023
JorisV. wrote:
wjb wrote:
JorisV. wrote:

It’s actually an 8-port switch, oops. ;-)

It is not even a switch but 8 separate LAN ports that can't be combined into one network other than by bridging, which has a dramatic impact on throughput.

I would strongly advise choosing the EdgeRouter 4.

That’s not true; the first eight ports of the EdgeRouter 12 actually are switched. It has a built-in switch chip allowing full throughput between those ports; no bridging needed. The ninth and tenth RJ45 ports are not part of the switch group (and neither are the two SFP ports). ;-)

My bad ... you're right, I had the EdgeRouter 8P in mind.

JorisV. wrote:

For home use, the EdgeRouter 12 is more practical than the 4.

Please note that the switch functionality of the EdgeRouters does not support IGMP snooping. So if you have KPN TV, make sure these are not connected through the switch of the EdgeRouter.


  • Smarty
  • 99 replies
  • 21 January 2023

😁 The switch indeed doesn’t support IGMP snooping, but as long as you create a VLAN for IPTV that won’t be a problem (switch is VLAN-aware so you can simply set a different PVID for that port; if you use multiple STBs, make sure to connect them behind a switch that does support IGMP snooping, like a NETGEAR GS105Ev2, or create a VLAN for each STB and configure them as downstream IGMP proxy interfaces).