Block all ports/services, except...

Discussion in 'Tomato Firmware' started by laxxe, Dec 18, 2006.

  1. laxxe

    laxxe Network Guru Member

    How do I block everything, except certain ports/services (www, pop3, smtp, ftp, ...)?
  2. GeeTek

    In Access Restrictions, you should be able to create 4 or 5 rules that block everything except what you wish to allow. After you un-check "Block all internet access", you will get the standard QOS rule template. You should be able to define port ranges in each rule, leaving gaps in between the rule ranges for your desired services. For example, create the first rule to block ports 1 thru 79. Next rule, block ports 81 - 65535, and you will be left with only port 80 working. Now we need to find the correct syntax for entering port ranges into the port field!
  3. laxxe

    laxxe Network Guru Member

    Hmm, this is a pretty weird way to do it (in my opinion). If I want to enable a port temporarily, it takes "a lot" of work - and it seems weird to name (describe) the blockings then.

    It would be better to have a "Block everything, except..." rule or so. Isn't this possible?
  4. GeeTek

    That right there is probably all the reason Jon will need to put it into the next release! (Even so, Tomato is the only firmware that will let you do this from the GUI, and it will actually work!). That is one of the best things about this firmware. For an example of the correct port range syntax, look at the default QOS rule that blocks "non-essential services". The starting and ending ports are separated by a dash like this: 1024-65535 (Copied from the rule). Don't forget to leave port 53 open for DNS.
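
The gap-between-ranges approach described in this thread, worked through as an added example that is not part of the original posts: given the ports to keep open, it computes the block ranges to enter, one per rule, in the dash syntax quoted above. The function names are hypothetical, the port numbers are the standard well-known assignments for the services mentioned, and the output is only the range text, not a Tomato configuration.

```python
"""Added example: derive the block ranges that leave only chosen ports open."""

MIN_PORT, MAX_PORT = 1, 65535

# Constructed allow-list: the services named in the thread plus DNS (port 53),
# using their standard well-known port numbers.
ALLOWED = {"ftp": 21, "smtp": 25, "dns": 53, "www": 80, "pop3": 110}


def block_ranges(allowed_ports):
    """Return (start, end) ranges covering every port NOT in allowed_ports."""
    ranges = []
    start = MIN_PORT
    for port in sorted(set(allowed_ports)):
        if not MIN_PORT <= port <= MAX_PORT:
            raise ValueError(f"port out of range: {port}")
        if port > start:              # a gap exists below this allowed port
            ranges.append((start, port - 1))
        start = port + 1              # resume blocking just above it
    if start <= MAX_PORT:
        ranges.append((start, MAX_PORT))
    return ranges


def as_rule_text(ranges):
    """Format ranges with the dash syntax quoted in the thread (1024-65535).

    Assumption: a one-port range is written the same way, e.g. 22-22.
    """
    return [f"{a}-{b}" for a, b in ranges]


def uncovered(ranges):
    """Sanity check: list the ports that no block range touches."""
    blocked = set()
    for a, b in ranges:
        blocked.update(range(a, b + 1))
    return sorted(set(range(MIN_PORT, MAX_PORT + 1)) - blocked)


if __name__ == "__main__":
    rules = block_ranges(ALLOWED.values())
    for text in as_rule_text(rules):
        print("block", text)
    print("still open:", uncovered(rules))
```

Five allowed ports already need six block rules here, and any change to the allow-list shifts the neighbouring ranges, so re-run the coverage check after every edit.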

