How to block certain UDP ports in router/firewall?

4.0

Author: IMFirewall Software
HomePage: http://www.imfirewall.us

1. Introduction

In "pass-by" deployment mode, WFilter can only block TCP traffic. To block UDP traffic, you also need to block certain UDP ports in your router or firewall.

For example, Tencent QQ uses UDP port 8000 by default, and it can fall back to TCP ports 80 or 443 when that UDP port is not available. So to block Tencent QQ completely, you also need to block UDP port 8000 in your router/firewall.

Please note:

  1. To keep it simple, we recommend blocking UDP ports 1024-65534 in your router/firewall.
  2. Since most internet applications use TCP, blocking these UDP ports will not affect your internet access.
  3. If one of your applications needs UDP, for example application A needs UDP port "N", you can set your blocked port ranges to "1024 -- (N-1)" and "(N+1) -- 65534".
  4. Without blocking these UDP ports, WFilter still works, except that blocking of some protocols (for example QQ, Skype, BitTorrent) is incomplete.
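
The range split from note 3, generalized to several permitted UDP ports, as an added example (not part of the original WFilter documentation). The ACL number 101 and the sample ports are assumptions; the output uses Cisco IOS extended access-list syntax and matches on the destination port.

```python
# Added example: compute UDP block ranges that leave chosen ports open.
LOW, HIGH = 1024, 65534  # block window recommended on this page


def blocked_ranges(allowed_ports, low=LOW, high=HIGH):
    """Return [(start, end), ...] covering low..high minus allowed_ports."""
    ranges = []
    start = low
    # Ports outside the window need no gap; duplicates are collapsed.
    for port in sorted({p for p in allowed_ports if low <= p <= high}):
        if port > start:
            ranges.append((start, port - 1))
        start = port + 1
    if start <= high:
        ranges.append((start, high))
    return ranges


def ios_acl_lines(allowed_ports, acl_number=101):
    """Render the ranges as Cisco IOS extended ACL entries.

    acl_number is an assumed value; any free number in 100-199 works.
    """
    lines = []
    for start, end in blocked_ranges(allowed_ports):
        if start == end:
            match = f"eq {start}"  # single-port gap between two open ports
        else:
            match = f"range {start} {end}"
        lines.append(f"access-list {acl_number} deny udp any any {match}")
    # Everything not denied above (TCP, UDP below 1024, the open ports) passes.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    # Constructed sample: keep UDP 5060 and 5061 open, plus 1024 at the window edge.
    for line in ios_acl_lines([5060, 5061, 1024]):
        print(line)
```

Adjacent permitted ports are merged into one gap, and a permitted port at either edge of the window produces a single range instead of an empty one.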

2. Examples of blocking UDP ports

#   Title        Description
1   Cisco 2811   Block UDP ports in Cisco 2811 router


For more information, please check WFilter Deployment Examples and WFilter Configuration Examples.