RT-AC88U Port Blocking, Am I doing it right?

[SystemF]

H guys! Want to block specific port, never do it. Just read the faq, but did't know is it right.
Port is 10000 both protocols.
Settings
Or I need to add for tcp: tcp,tcp all,tcp syn, tcp ack, tcp fin... seperate entire for each?

 

[ColinTaylor]

Most importantly you need to change TCP ALL to TCP.

Source and destination IP's can be left blank instead of using *.*.*.*

You should only specify either the source or the destination port, not both. Are you trying to block access to port 10000 on a remote server, or from port 10000 on one of your LAN devices?

 

[SystemF]

Hi! Thanks for respond. I'm trying to block all incoming communication on port 10 000 all protocols, following latest discovered utorrent security flaws. Trying to block port 10000 from a remote server on my lan.
So i just choose TCP (TCP covers,include all others tcp all,sync....and so on) right?

 

[ColinTaylor]

I'm trying to block all incoming communication on port 10 000 all protocols, following latest discovered utorrent security flaws. Trying to block port 10000 from a remote server on my lan.

I don't know anything about the security flaw but it sounds like you are using the wrong technique to block the traffic. As it states at the top on the configuration page, "The Network Services filter blocks the LAN to WAN packet exchanges". It doesn't block incoming traffic. If you want to block incoming traffic you would need to create a firewall-start script.

So i just choose TCP (TCP covers,include all others tcp all,sync....and so on) right?

You should just use TCP for normal TCP traffic. TCP SYN, TCP ACK, etc. refer to TCP flag states and can be ignored for 99.99% of cases. TCP ALL refers to all flags so can also be ignored in 99.99% of cases.

Perhaps if you gave a link describing the security issue I'd be better able to understand what you are trying to do.

 

[SystemF]

If you want to block incoming traffic you would need to create a firewall-start script.

How to create firewall-start script Asuswrt doesn't support scripts imho, maybe i wrong.

utorrent securty flaws: Link
Link2
Link3
There is a soloutin but I want to block also all incoming traffic to port 10000

 

[ColinTaylor]

Yes, you are correct about custom scripts on stock firmware. I forgot you are running that.

My understanding from the links you posted is that this is a webpage exploit. i.e. by visiting a malicious website your browser can attack uTorrent running on the same machine.

So there is no point trying to block traffic on the router, either with NSF or firewall-start because the traffic is not going that way. It is the browser on your PC that is performing the attack. So it is uTorrent that needs to be fixed, it can't be done on the router.