Block udp

From WFilter Documents and Tutorials

1 Introduction

In "pass-by" deployment mode, WFilter can only block TCP traffic. To block UDP traffic, you also need to block certain UDP ports in your router or firewall.

For example:

  • Tencent QQ uses UDP port 8000 by default, and it can also connect over TCP ports 80 or 443 when this UDP port is not available. So to block Tencent QQ completely, you need to block QQ in WFilter and also block UDP port 8000 on your router/firewall.
  • When Chrome accesses Google/YouTube sites, QUIC (UDP port 443) is preferred. If QUIC is not available, Chrome switches to normal HTTP/HTTPS.

In "pass-by" deployment mode, we recommend blocking UDP ports 443-65534 on your router or firewall.

1.1 Examples of blocking udp ports

This topic lists examples of blocking UDP ports on a router or firewall. If your WFilter is working in pass-through mode, you don't need to configure this: the IMNPTF driver blocks UDP traffic automatically in pass-through mode.

1.2 Note

  • You can add one simple rule to block UDP ports 443-65534 on your router or firewall.
  • Blocking these UDP ports won't block your internet access, except for a few applications.
  • If a UDP port is required, for example application A needs to use UDP port "N", you can set your blocked port ranges to "443 -- (N-1)" and "(N+1) -- 65534".
  • Without blocking these UDP ports, WFilter still works, except that blocking of some protocols (for example QQ, Skype, BitTorrent) may be incomplete.
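
The range-splitting rule from the note above, generalized to several required ports, as an added example that is not part of the WFilter documentation. It assumes the gateway is a Linux box filtering forwarded traffic with iptables; the function names and the sample ports 500 and 4500 are constructed for illustration.

```shell
#!/bin/sh
# Added example: compute the UDP ranges to block, leaving a hole for each
# required port "N", then print (not run) the matching iptables rules.
LOW=443      # lower bound of the blocked window, from the page
HIGH=65534   # upper bound of the blocked window, from the page

# block_ranges PORT... -> prints one "start:end" range per line
block_ranges() {
    start=$LOW
    # Sort numerically and de-duplicate so the holes are cut in order.
    for n in $(printf '%s\n' "$@" | sort -n -u); do
        case $n in
            *[!0-9]*) echo "not a port number: $n" >&2; return 1 ;;
        esac
        # Ports outside 443-65534 are not blocked anyway; skip them.
        if [ "$n" -lt "$LOW" ] || [ "$n" -gt "$HIGH" ]; then continue; fi
        # Emit the range below N, i.e. "start -- (N-1)", if it is non-empty.
        if [ "$n" -gt "$start" ]; then
            echo "$start:$((n - 1))"
        fi
        start=$((n + 1))   # next range begins at (N+1)
    done
    # Emit the tail "(N+1) -- 65534" unless the last hole was 65534 itself.
    if [ "$start" -le "$HIGH" ]; then
        echo "$start:$HIGH"
    fi
}

# emit_rules PORT... -> prints one DROP rule per range for forwarded UDP
emit_rules() {
    for r in $(block_ranges "$@"); do
        echo "iptables -A FORWARD -p udp --dport $r -j DROP"
    done
}

# Constructed sample: keep UDP 500 and 4500 open, block the rest of the window.
emit_rules 500 4500
```

Review the printed rules before applying them on the gateway; with no arguments the script prints the single 443:65534 rule from the first note.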