I also always allow NTP, because things get confused/stop working when time is not within margins. Also STUN is more often needed for things like Teams, Webex and Zoom. STUN server is 3478 for UDP and TCP, and 5349 for TLS.

Block outbound UDP 443, which is Google's QUIC protocol. UDP is faster for streaming media, but less secure. TCP is the standard protocol for port 443 and uses the three-way handshake for data integrity and security.

Hi Willie, I'm wondering how to block DNS exept for example a pihole. So 2 ip adresses on the network can go out. Maybe redirect DNS?

How to automatically block internet traffic to newly connected devices as i want to allow them internet access myself with their mac addresses

I locked down my network and allowed some ports but port forwarding is not working. Is there anything I'm not doing right ?

Willie think he slick lol he knows we wanna see the next video 😂❤

Rule of thumb for me( on my setups on business environment) ..I only allow outgoing connections tcp/udp to 80/443/53/123/8080/5938 for teamviewer.. icmp echo req blocked of course..incoming connection (allow only established/accepted packets and drop invalid).. by the way congratulations for the video .keep going

This did not work for me. All of my Echo devices will accept commands but won't turn on and off devices. I added port 8080 and 3478 to the list but no joy.

A very helpful video Willie 🙂

For me I allowed only these ports 80, 443, 123, 53, 25, 465, 587, 110, 995 in my network. Does this kind of setup blocked bittorrents ?

QUIC used UDP/443 You are only blocking ports, not with protocol, correct?

Good video.. does blocking these ports still allow incoming streaming services? Eg Disney+ etc thanks

Thank you for this tutorial, I'm new to networking. Question: I've applied these firewall rules, and I am running mullvad vpn configured on my router through open vpn, so everything going through my router is being routed through my vpn. When i test ports, it was open, allowing a connection using the test site you provided. I then paused my vpn and ports are closed, it will not load page using the test site provided. My primary concern is my internet traffic being monitored, or remote access and outbound routing. Should I not be running a vpn through my router ? I thought this was the most safe route, but it's still allowing outgoing connections so i will keep my current configuration if the vpn isn't necessary. thanks again. subscribed.

Who uses Google for news 😅 that's like using a sieve for water - you'll only get a filtered version of what's really there.

Awesome content! Thank you! 😊

Why would you filter outbound traffic? You are only overloading USG or UDM.

Nice informative video!

Thank you very much. Also had to add Xbox ports for my kids. Ports 88, 3074, 500, 3544, 4500

keep it up nice video's learning alot thx :) can you make a tutorial how to control the dns also thx :)

Good for cryptominers and torrenting but be aware that most malware also uses 80/443 since it's a commonly open port.

Thank you

Yes, please on DNS control.

And polecjes like this just make evry possible protocol tunnel over port 08 or 443 to "bypass thst pesky firewall" meaning you have to implement dpi etc: Note: I shuld hsve said makes evry application developer tunel...

Yes how to control dns video pls

If you're doing this on a home network and game, or have kids that game, have fun discovering how many game devs insist on wide open traffic in and outbound 😉👍

Noooo your breaking the internet, my school does this and it's a pain

Nice video thanks for sharing, but why would you lock down your network if you're gonna be using TikTok? Thats a massive security and privacy breach in and of itself. Doesn't make any sense

Dns crontrol

DNS lookups shouldn't be going out. They should be answered by internal server or relay. Also Google "Should I block ICMP" ... It should be allowed for PMTUD etc

How about no :))

No thanks

You need to stop smoking hubcap shavings mate.