I'm trying to block new connections from the LAN side's AMT ports to the internet, which shouldn't need any special setup on the router. This should happen if malware called their command IP, reporting in.
The router has no port forwarding nor NAT setup to allow incoming connections to seek machines inside. In general, most incoming new connections are blocked. Still, my threats blacklist rule gets triggered. Call me paranoid, but I'd rather block them than expect the router to do it by itself.