Generally you would only need to allow TCP/UDP to any on WAN for a home router, I guess... but the default is to allow all protocols. The list of those protocols is long, and many of them I have no clue about. Wouldn't it be better for me to allow TCP/UDP only? Thanks.
What I think you are referring to is: whitelist only what you need, and everything else is blacklisted?
I just did this, since that is how I like it. I made a bunch of mistakes on the way, so I say this: are you sure you need to?
If you are only running the most normal vanilla stuff, you need to allow port:
80 - HTTP
443 - HTTPS
53 - DNS or 853 for DNS-over-TLS (Unbound Plus)
Maybe:
123 - NTP
That's about it. But are you sure you want to walk down this very tiny road?
Yes, I wonder if I should be more strict and allow only TCP/UDP to Any on WAN instead of all protocols, or if that is a bad idea.
I don't want to allow only certain ports, that is too tedious. :)
I do not see the point in only allowing UDP/TCP ports - not worth it at all.
As I wrote, I have done a lot to get into a "whitelist" kind of installation, and man, it is still giving me problems (with MultiWAN for the moment; everything else seems to work). So I say this: don't do it.
As long as you don't understand what you are doing: don't do it. ;-)
That said: for normal browsing, port 80/443 over TCP(/UDP) (plus DNS via OPNsense on port 53) is enough. But only you know what all the clients on your network need.
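As an added illustration (not from this thread and not OPNsense's own configuration), here are the two approaches discussed above, the "TCP/UDP to any" rule and the small port whitelist, written as rules for pf, the packet filter OPNsense runs. The interface name and LAN subnet are assumed placeholders; OPNsense applies these as LAN rules, which pf sees as traffic coming "in" on the LAN interface.

```pf
# Assumed placeholders: adjust to your own interface and subnet.
lan_if    = "igb1"
lan_net   = "192.168.1.0/24"
web_ports = "{ 80, 443 }"

# Default deny, logged, so anything not whitelisted below shows up in the firewall log.
block log all

# --- Option A: "allow TCP/UDP to Any" (narrower than the default "any protocol") ---
# Uncomment to use instead of option B. Everything that is not TCP or UDP
# (ICMP, ESP/GRE for VPNs, etc.) is then dropped by the block rule above.
# pass in quick on $lan_if proto { tcp, udp } from $lan_net to any keep state

# --- Option B: the port whitelist from the thread ---
pass in quick on $lan_if proto tcp          from $lan_net to any port $web_ports keep state  # HTTP/HTTPS
pass in quick on $lan_if proto { tcp, udp } from $lan_net to any port 53         keep state  # DNS
pass in quick on $lan_if proto tcp          from $lan_net to any port 853        keep state  # DNS-over-TLS
pass in quick on $lan_if proto udp          from $lan_net to any port 123        keep state  # NTP

# Caveat shared by both options: no rule above matches ICMP, so a plain ping
# from a LAN client to the Internet is dropped. Allow echo requests explicitly if you want it.
pass in quick on $lan_if inet  proto icmp  from $lan_net to any icmp-type  echoreq keep state
pass in quick on $lan_if inet6 proto icmp6 from $lan_net to any icmp6-type echoreq keep state
```

The logged block rule is what makes the whitelist approach manageable: when a client breaks, the log shows which protocol and port it needed.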