• February 22, 2025, 02:32:24 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: How to block a UDP port on the router?  (Read 8708 times)

jc53

  • Level 1 Member
  • *
  • Posts: 7
How to block a UDP port on the router?
« on: August 27, 2015, 12:10:11 PM »
Is it possible to block a UDP port on the router, so no one from outside can connect to my router's public address on that port?

Thanks!
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: How to block a UDP port on the router?
« Reply #1 on: August 28, 2015, 09:17:09 AM »
You might check under Access Control Policies and I think there is a port control feature there as well...Access/Apply Advanced Port Filters?

Let us know what you find...
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: How to block a UDP port on the router?
« Reply #2 on: August 28, 2015, 05:04:17 PM »
@Furry: Sorry no. Access Control only controls outgoing traffic LAN --> Internet but not in the other direction.
@jc53: You don't have to explicitly block any TCP or UDP port because no such port is listening on your public IP address at your router's WAN interface for incoming connection initiating traffic! Hence any such traffic would be implicitly dropped by your router (which perhaps returns an ICMP error message back to sender or not if it operates in 'stealth' mode).

There are only two cases where your router accepts incoming traffic to a specific TCP or UDP port:
  • For any NAT session (TCP or UDP) initiated by outgoing traffic, where the public UDP or TCP port used by the NAT session accepts reply traffic, but only as long as the NAT session exists.
  • For any TCP or UDP port for which you have configured a port forwarding rule. Such ports are permanently listening for any incoming traffic.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: How to block a UDP port on the router?
« Reply #3 on: August 29, 2015, 11:24:41 AM »
PT, Thanks for the info. I had forgot about the direction. Thanks for the clairifcation.  I'll keep this in mind. ;)

Quote from: PacketTracer on August 28, 2015, 05:04:17 PM
@Furry: Sorry no. Access Control only controls outgoing traffic LAN --> Internet but not in the other direction.
@jc53: You don't have to explicitly block any TCP or UDP port because no such port is listening on your public IP address at your router's WAN interface for incoming connection initiating traffic! Hence any such traffic would be implicitly dropped by your router (which perhaps returns an ICMP error message back to sender or not if it operates in 'stealth' mode).

There are only two cases where your router accepts incoming traffic to a specific TCP or UDP port:
  • For any NAT session (TCP or UDP) initiated by outgoing traffic, where the public UDP or TCP port used by the NAT session accepts reply traffic, but only as long as the NAT session exists.
  • For any TCP or UDP port for which you have configured a port forwarding rule. Such ports are permanently listening for any incoming traffic.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.