Hi,
For some reason, I need to block all MQTT SSL traffic going from LAN to WAN, in router RUT300.
It means, blocking any outgoing traffic on TCP ports 8883 (and 8884 in my case too).
I have created a new forward rule as below.
The firewall rule seems correct, so it should block the TCP packets on these ports.
Are you testing this from a device connected to the LAN of RUT300?
Perhaps you have some other traffic rules that explicitly allow these ports? Could you try moving the ‘BlockMQTT’ rule to the top of the list in traffic rules?
Maybe you have a VPN configured as a default gateway? In this case, if all traffic is routed via VPN, you would need to change the destination zone from WAN to your VPN zone, since the traffic will be going from LAN to VPN.
Since I am not fully aware of all your configurations, could you please try restoring the device to factory defaults, and without making any changes (except for the ones that are absolutely necessary for internet connectivity), try configuring the rule again and check if it works?
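An added example, not part of the thread and not Teltonika's code, illustrating the rule-order and destination-zone checks suggested in the reply above: it evaluates a constructed OpenWrt-style firewall config with first-match semantics for a forwarded flow. The `Allow-Broker` rule, the `vpn` zone name and the config layout are assumptions made for the sample.

```python
import shlex
# Constructed sample in OpenWrt-style firewall config syntax (assumed, not the poster's).
SAMPLE = """
config rule
    option name 'Allow-Broker'
    option src 'lan'
    option dest 'wan'
    option proto 'tcp'
    option dest_port '8883'
    option target 'ACCEPT'
config rule
    option name 'BlockMQTT'
    option src 'lan'
    option dest 'wan'
    option proto 'tcp'
    option dest_port '8883 8884'
    option target 'DROP'
"""

def parse_rules(text):
    """Return the 'config rule' sections, in file order, as dicts of options."""
    rules, cur = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"]:
            cur = {} if tok[1:2] == ["rule"] else None
            if cur is not None:
                rules.append(cur)
        elif tok[:1] == ["option"] and cur is not None and len(tok) == 3:
            cur[tok[1]] = tok[2]
    return rules

def port_matches(spec, port):
    """True if port is in a spec like '8883 8884' or '8000-9000'; empty spec = any."""
    for part in spec.split():
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return not spec

def first_match(rules, src, dest, proto, port):
    """Return (name, target) of the first rule matching a forwarded flow, else None."""
    for r in rules:
        protos = r.get("proto", "tcp udp").split()
        if (r.get("src") in (src, "*") and r.get("dest") in (dest, "*")
                and (proto in protos or "all" in protos)
                and port_matches(r.get("dest_port", ""), port)):
            return r.get("name"), r.get("target")
    return None
```

A `None` result means no traffic rule matched the flow, so the zone forwarding policy decides; that is the case when the traffic actually leaves through a VPN zone while the block rule names WAN as its destination.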