How to Restrict Online Access at Home: Block Ports


How do I Restrict Online Access?

Most often you want to restrict online access to keep your kids from using chat and IM programs, playing certain games, engaging in peer-to-peer file sharing, and possibly from streaming audio. So how do you do it? Blocking traffic on a network is usually done with a firewall. Port blocking or filtering may also be a feature of your router, switch, or modem, but often the interface is not as user-friendly and flexible as a firewall's.

Personal Firewall, Network Firewall, or Router

On your router, wireless router, cable modem, or firewall there may be specific settings to support port mapping and NAT port mapping. Often if these are not set then computers sharing the Internet connection on your LAN will not be able to access those services online.

If you have a single computer connected directly to a router or cable modem, restricting access may involve configuring the router or modem, or you could use a personal firewall on the computer to restrict access. Most personal firewall software will allow you to block outbound Internet access to specific applications and their respective ports, although the main focus of such software is to stop access from the Internet to the computer. If the PC firewall software is designed to route local network computers and devices to the Internet and use NAT, there will be varied and effective ways to restrict access to games, instant messaging, chat, and video and streaming audio applications.

This sort of outbound port blocking is not guaranteed on DSL modems, cable modems, or wireless routers or switches, but is very often included in Wireless Internet Access routers and switches with routing designed to share Internet access.

Blocking Instant Messaging Ports or Game Ports

Computer games and Instant Messaging applications communicate across the network or Internet using a networking feature of TCP/IP called ports. Ports are numeric values with a wide range, and many numbers are assigned to particular applications. Connection-based applications like games often use TCP ports, while chat and IM applications usually use UDP ports. This is not written in stone. AIM usually uses TCP port 5190 by default, but AIM and ICQ can use various ports, so they can be hard to block. In the firewall or router configuration there will usually be a list where you can enter a port or range of ports, choose TCP or UDP, and choose allow or deny. To block AIM’s default port you would enter TCP, 5190, and deny. That’s how to get started.

More Information

After you make your changes, you can try to run the particular application that accesses the port or ports you have blocked, and see if it works. Check the application to see if it can use alternate ports, and block those as well. You can also use an online vulnerability scanner to see if those ports are accessible inbound to the computer. If they are, blocking them inbound is a good idea as well.
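
The same check can be run without launching the application itself. The script below is an added example, not part of the original article: it attempts one outbound TCP connection per port you entered as deny and reports whether the rule is in effect. It assumes a test host outside your network that you control and that listens on the port, and it covers TCP rules only.

```python
import socket
import sys

def probe_tcp(host, port, timeout=3.0):
    """Attempt one outbound TCP connection and classify the result.

    'open'        - handshake completed: the deny rule is NOT in effect
    'refused'     - a reset came back: the firewall rejected the connection,
                    or nothing is listening on the test host (ambiguous)
    'no-response' - timed out or otherwise failed: typical of a firewall
                    that silently drops the traffic
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and unreachable-network errors
        return "no-response"

def check_rules(host, ports, timeout=3.0):
    """Return {port: (state, blocked)} for every port entered as 'deny'."""
    results = {}
    for port in ports:
        state = probe_tcp(host, port, timeout)
        results[port] = (state, state != "open")
    return results

if __name__ == "__main__":
    # Usage: python check_block.py <test-host> 5190 [more ports...]
    # <test-host> is a placeholder for a machine you control (assumption).
    host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    for port, (state, blocked) in check_rules(host, ports).items():
        verdict = "blocked" if blocked else "STILL REACHABLE"
        print(f"tcp/{port}: {state} -> {verdict}")
```

Run it once before adding the rule to confirm the test host really answers on the port; a "refused" result only proves the block if the same probe returned "open" beforehand.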

For more information on port blocking, application access control, security settings and checking and testing for vulnerabilities, read my articles on The Top 5 Free Port Scanners, The Top 5 Security Mistakes That Users Keep Making, and A Beginner’s Guide To Penetration Testing.