With all ports closed, how can I access the internet?

400 · Asked by AndreaBailey in Cyber Security, asked on Mar 10, 2022

I wanted to see how much I could close down my router from the rest of the internet. I was hoping that turning on the firewall, removing any port forwarding and turning off UPnP would make me unable to even browse the internet. However, my PS4 still had a connection when I tried it out, and internet browsing also worked.


What am I missing here? How can ports 80/443 be open for web traffic? Also, the PS4, which requires a bunch of ports to be open, still worked. Is it because the request is coming from inside my LAN that it opens these ports temporarily?

Answered by ananya Pawar

Access to the Internet consists of contacting hosts outside of your network, which relies on routing traffic via your local gateway, typically your router. This traffic is sent to the router, but not by accessing TCP or UDP ports, since you're not trying to connect to the router itself. The router modifies the packets slightly (to make them look like they're being requested from a public IP address) and establishes outbound TCP connections (for the most part), which are bi-directional. Return traffic on an established TCP connection is expected, and the router will forward it back to the original requesting host (i.e. the PS4). This return traffic is not the same as an external host trying to open a port on your public IP address (probably set on your router).


Closing all ports and disabling port forwarding means, in the context of the router, closing all TCP and UDP ports (and possibly ICMP...) on the external interface (i.e. the Internet), so this rejects all new connections aimed at your public IP address. Closing all your ports on the internal interface means you won't be able to connect to service ports on the router itself (thus effectively locking yourself out of the admin interface, so don't do this). Neither of these will stop traffic being routed to the Internet. If you want to shut off Internet access you need to make the router not route or forward traffic from the internal network. For example, you could bring down the Internet interface (WAN), add forwarding rules to block traffic from the internal network, or disable masquerading (this does not necessarily block traffic but effectively stops Internet access). This is not related to port numbers.
