How to set up access rules on a TP-Link SMB router?

In some cases, we want to set up a blacklist or whitelist to limit Internet access. For example, we may not want users to use IPsec VPN, or we may want to provide HTTP website access only. This article shows how to configure both scenarios with Access Rules.

If you want to block some specified websites, you can also refer to FAQ827.

 

Part 1. Blacklist: Block IPsec VPN

 

Step 1. Log in to the web GUI. Go to Firewall-> Access Control-> Service. Add UDP port 500 and name it IPsec, or any other name you like.

Then add UDP port 4500 and name it IPsec-NAT, or any other name you like.

Both entries now appear in the Service list.

Step 2. Go to Firewall-> Access Control-> Access Rules. Set up the rules as shown below.

The Interface field specifies where the packets come from. If LAN is selected, the rule takes effect for packets going from LAN to WAN.

Here we take 192.168.0.1/24 as an example. You can specify the Source by IP/MASK or by User Group. The Destination can be specified by IP/MASK.

 

Both rules now appear in the List of Rules, and IPsec VPN is blocked.

 

Part 2. Whitelist: Allow HTTP only and block all other services

 

Log in to the Web GUI. Go to Firewall-> Access Control-> Access Rules. Set up the following three entries as shown.

First, we should allow the DNS service, because DNS always works together with HTTP. If you want to set up rules for other services, you can define them in Firewall-> Access Control-> Service.

We should also allow the HTTP service for all Sources and Destinations.

By default, all services are allowed in the Access Rules. To block the other services, we need to add a rule that blocks All Services as the last entry.

The router tries to match each packet against the rules one by one. When setting up a whitelist, the block-all rule must be added last.

 

We can see these three entries in the List of Rules. Now all services have been blocked except HTTP and DNS.
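The rule ordering described above can be checked offline before it is entered in the GUI. The following is an added example, not TP-Link code: it models the two rule lists from this article under the assumption that the first matching rule decides, and that DNS is UDP port 53 and HTTP is TCP port 80. The names Rule, evaluate and shadowed are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ALL_PORTS = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    policy: str                  # "allow" or "block"
    proto: str                   # "tcp", "udp" or "any"
    ports: range                 # destination ports
    source: str = "0.0.0.0/0"    # IP/MASK; host bits may be set, as in 192.168.0.1/24

def net(cidr):
    return ip_network(cidr, strict=False)   # 192.168.0.1/24 -> 192.168.0.0/24

def evaluate(rules, src, proto, dport, default="allow"):
    """First matching rule decides; unmatched traffic is allowed (the article's default)."""
    for r in rules:
        if r.proto in ("any", proto) and dport in r.ports and ip_address(src) in net(r.source):
            return r.policy
    return default

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule fully covers them."""
    hits = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier.proto in ("any", later.proto)
                    and earlier.ports.start <= later.ports.start
                    and later.ports.stop <= earlier.ports.stop
                    and net(later.source).subnet_of(net(earlier.source))):
                hits.append(j)
                break
    return hits

# Part 1 blacklist: block UDP 500 and UDP 4500 from the example source.
BLACKLIST = [Rule("block", "udp", range(500, 501), "192.168.0.1/24"),
             Rule("block", "udp", range(4500, 4501), "192.168.0.1/24")]

# Part 2 whitelist. Assumed ports: DNS = UDP 53, HTTP = TCP 80.
WHITELIST = [Rule("allow", "udp", range(53, 54)),
             Rule("allow", "tcp", range(80, 81)),
             Rule("block", "any", ALL_PORTS)]

# Constructed mistake: the block-all rule placed first instead of last.
MISORDERED = [WHITELIST[2], WHITELIST[0], WHITELIST[1]]

if __name__ == "__main__":
    for name, rules in (("whitelist", WHITELIST), ("misordered", MISORDERED)):
        print(name, evaluate(rules, "192.168.0.50", "tcp", 80), "shadowed:", shadowed(rules))
```

Under this model the whitelist also blocks TCP port 443, so HTTPS sites are unreachable unless a matching allow rule is placed above the block-all entry.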

This Article Applies to:
TL-R470T+, TL-R480T+, TL-ER5120
User Application Requirement | Updated 01-22-2016 02:30:40 AM