Network Security is Important.
I have listed some very commonly used TCP/UDP ports. As a recommendation, I would DENY all ports and connections inbound from the internet, or on the Wide Area Network (WAN) side of your home network. On your Local Area Network (LAN) you will want to DENY all unwanted ports, or ports for services you do not use over the internet, like FTP or VNC. Most things go across ports 80 for HTTP and 443 for HTTPS.
RECOMMENDED
BLOCK ALL IN AND OUT
IF YOU WANT TO ALLOW/DENY BY PORT
9 Wake On LAN
20 FTP
21 FTP
22 SSH
23 TELNET
25 SMTP - SEND EMAIL
69 TFTP
115 SFTP
161 SNMP
162 SNMP
513 RLOGIN
514 REMOTE SHELL
2049 NFS
445 SMB
3020 SMB/CIFS
3389 RDP
5500 VNC
5800 VNC
5900 VNC
6660 - 6669 IRC / BOTNET
“Allow What is Needed” rules here
but
RECOMMENDED
“Deny All Else” - rule here
This will catch anything and everything not allowed by a rule.
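“BLOCK”, do NOT “REJECT”, on the WAN side: a block drops the packet silently, while a reject sends a reply back to the sender.
There are a couple of different approaches.
If you block all and allow only a list of ports, you will need to babysit the rules and do research!
Some ports for starters: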
80 HTTP
443 HTTPS
53 DNS
22 SSH
Deny IN/OUT
RECOMMENDED PORTS to Deny in/out allows
9 Wake On LAN
20 FTP
21 FTP
23 TELNET
25 SMTP - SEND EMAIL
69 TFTP
115 SFTP
161 SNMP
162 SNMP
513 RLOGIN
514 REMOTE SHELL
2049 NFS
445 SMB
1900 UPnP
3020 SMB/CIFS
3389 RDP
5000 UPnP
5500 VNC
5800 VNC
5900 VNC
6660 - 6669 IRC / BOTNET
Maybe known VPN ports 8000, 8080 and others
Deny or Allow all else
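
The two approaches above, modelled as ordered first-match rule lists so you can see what each does with a given port. This is an added example, not part of the original post and not a real firewall. The `Rule` class, the function names, the "in"/"out" direction labels and the rule that an unmatched packet is blocked are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Ports from the page's second list ("recommended ports to deny in/out").
DENY_PORTS = frozenset({9, 20, 21, 23, 25, 69, 115, 161, 162, 513, 514, 2049,
                        445, 1900, 3020, 3389, 5000, 5500, 5800, 5900,
                        *range(6660, 6670)})
ALLOW_PORTS = frozenset({80, 443, 53, 22})  # the page's starter allow list

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow", "block" (silent drop) or "reject"
    direction: str               # "in" (from WAN), "out" (to WAN) or "any"
    ports: Optional[frozenset]   # destination ports; None matches every port

    def matches(self, direction, port):
        return (self.direction in ("any", direction)
                and (self.ports is None or port in self.ports))

def allowlist_policy():
    """Allow only the needed ports outbound, then deny all else."""
    return [Rule("allow", "out", ALLOW_PORTS), Rule("block", "any", None)]

def denylist_policy():
    """Block everything inbound, block listed ports outbound, allow the rest."""
    return [Rule("block", "in", None), Rule("block", "out", DENY_PORTS),
            Rule("allow", "out", None)]

def decide(rules, direction, port):
    """First matching rule wins; assumed default: no match means block."""
    for rule in rules:
        if rule.matches(direction, port):
            return rule.action
    return "block"

def audit(rules):
    """Return findings where a rule list departs from the page's advice."""
    findings = []
    if not rules or rules[-1].ports is not None:
        findings.append("no catch-all rule at the end")
    if any(r.action == "reject" and r.direction != "out" for r in rules):
        findings.append("WAN-facing rule uses reject instead of block")
    exposed = sorted(p for p in DENY_PORTS if decide(rules, "in", p) == "allow")
    if exposed:
        findings.append(f"listed ports reachable inbound: {exposed}")
    return findings

if __name__ == "__main__":
    for name, policy in (("allowlist", allowlist_policy()), ("denylist", denylist_policy())):
        for direction, port in (("out", 443), ("out", 23), ("out", 8443), ("in", 3389)):
            print(name, direction, port, decide(policy, direction, port))
```

With the allow list, outbound 8443 is blocked until you add a rule for it, which is the babysitting the post mentions; with the deny list it passes.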