
Author Topic: Allow any to WAN rule, what protocols and why?  (Read 1972 times)

senser

Allow any to WAN rule, what protocols and why?
« on: August 06, 2020, 08:37:04 am »
Generally you would only need to allow TCP/UDP to any on WAN for a home router, I guess... but the default is to allow all protocols. The list of those protocols is long, and many of them I have no clue about. Wouldn't it be better for me to allow TCP/UDP only? Thanks.

lar.hed

Re: Allow any to WAN rule, what protocols and why?
« Reply #1 on: August 06, 2020, 11:44:26 am »
What I think you are referring to is whitelisting only what you need, with everything else blacklisted?

I just did this, since that is how I like this. I made a bunch of mistakes on the way, so I say this: Are you sure you need to?

If you are only running the most normal vanilla stuff, you need to allow ports:
80 - HTTP
443 - HTTPS
53 - DNS or 853 for DNS-over-TLS (Unbound Plus)

Maybe:
123 - NTP

That's about it. But are you sure you would like to walk down this very tiny road?

senser

Re: Allow any to WAN rule, what protocols and why?
« Reply #2 on: August 08, 2020, 07:12:58 pm »
Yes, I wonder if I should be more strict and allow only TCP/UDP to Any on WAN instead of all protocols or if that is a bad idea.

I don't want to allow only certain ports, that is too tedious. :)

lar.hed

Re: Allow any to WAN rule, what protocols and why?
« Reply #3 on: August 08, 2020, 08:19:33 pm »
I do not see the point in only allowing UDP/TCP ports - not worth it at all.

As I wrote, I have done a lot to get into a "whitelist" kind of installation, and man it is still giving me problems (with MultiWAN for the moment, everything else seems to work). So I say this: Don't do it.

chemlud

Re: Allow any to WAN rule, what protocols and why?
« Reply #4 on: August 08, 2020, 08:23:53 pm »
As long as you don't understand what you are doing: Don't do. ;-)

That said: for normal browsing port 80/443 and TCP(/UDP) (plus DNS via OPNsense port 53) is enough. But only you know what all your clients need on your network.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
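
The three outbound policies discussed in this thread (allow all protocols, allow TCP/UDP only, allow only the listed ports) can be compared against the traffic your clients actually generate before you change the rule. The following is an added example, not part of any post and not OPNsense code; the policy names, function names, the transport assigned to each whitelisted port, and the sample flows are assumptions constructed for illustration.

```python
# Added example: compare the egress policies discussed in the thread against
# observed LAN-to-WAN flows. All flow records below are constructed sample data.
from collections import Counter

# Port whitelist from the thread: HTTP, HTTPS, DNS, DNS-over-TLS, NTP.
# Which transport each port is allowed on is an assumption of this example.
PORT_WHITELIST = {
    ("tcp", 80), ("tcp", 443),
    ("tcp", 53), ("udp", 53), ("tcp", 853),
    ("udp", 123),
}

def allowed(policy, proto, dport):
    """Return True if an outbound flow passes under the named policy."""
    proto = proto.lower()
    if policy == "any":            # default rule: all protocols
        return True
    if policy == "tcp_udp":        # TCP/UDP to any port
        return proto in ("tcp", "udp")
    if policy == "whitelist":      # only listed protocol/port pairs
        return (proto, dport) in PORT_WHITELIST
    raise ValueError(f"unknown policy: {policy}")

def blocked_summary(policy, flows):
    """Count flows the policy would drop, keyed by (proto, dport)."""
    dropped = Counter()
    for proto, dport in flows:
        if not allowed(policy, proto, dport):
            dropped[(proto.lower(), dport)] += 1
    return dropped

# Constructed flows: (protocol, destination port or None for portless protocols).
SAMPLE_FLOWS = [
    ("tcp", 443), ("tcp", 443), ("tcp", 80), ("udp", 53),
    ("udp", 123), ("tcp", 993),       # IMAPS mail client
    ("udp", 443),                     # QUIC
    ("icmp", None), ("icmp", None),   # ping (echo request)
    ("esp", None),                    # IPsec VPN payload
]

if __name__ == "__main__":
    for policy in ("any", "tcp_udp", "whitelist"):
        dropped = blocked_summary(policy, SAMPLE_FLOWS)
        print(f"{policy:10s} drops {sum(dropped.values())} flow(s)")
        for (proto, dport), n in sorted(dropped.items(), key=str):
            print(f"    {proto} {dport if dport is not None else '-'} x{n}")
```

Replace `SAMPLE_FLOWS` with protocol and destination-port pairs taken from your own firewall log to see what each policy would drop on your network.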
