First off, the forum doesn't scale images, and I am already doing a lot of work to get this done so I am not going to scale them down myself. PLEASE DO NOT QUOTE in a reply.
It has been a while since I used the dir-655 so I cannot remember in which order the rules fall after creating them, if the previous rule is at the bottom of the list and each subsequent rules fall on top or visa-versa. That being said, here is how you accomplish this feat.
Go to Access Control, Enabe Access Control then Add Policy
Give policy a name. Set the policy to always apply. Set address type to MAC. If computers are already on the network and recognzied, you can add macs by selecting the computer in the corresponding drop down menu. Click on ok, then repeat the steps for other computers. After each computer, you will have to set the radio box to "MAC" again because it likes to switch back to "IP". When done click next.
click on the radio button "block some access" and check off "Apply Advanced Port Filters" then click next.
Give each filter a name, enter the IP address ranges.
I would suggest applying the full subnet to this rule in case some decide to set a static IP address outside the DHCP range. Don't add the router's address since that will block other essential communications between router and hosts and router and the internet etc.
Next choose the protocol and then the port ranges. For the ports you WANT to keep, make sure they don't fall within the port ranges.
As you can see from my example, I am allowing DNS, HTTP and HTTPS ONLY. Everything else with the TCP protocol is blocked. This alone won't block torrents as they can use UDP as well.
To effectivly block one port, you need two rules. ie: in the example, I have blocked ports 1-52 and 54-79 Notice how I skipped over port 53, which is used for DNS resolution. (translating urls into IP addresses). The same is done with port 80 and finally with the SSL port, 443.
Once you have filled all these sections up with ports you want to block, click "SAVE".
If you used up all your rule slots, you will have to repeat the steps again to create more rules.
Do NOT exit out of the Access control or reboot the router when you are done. Instead, repeat the steps above in a new policy, substituting the TcP protocol with UDP.
Once you have both policies made, create yet another policy
When you get to the section asking to block some, block all, or log web access only, you will want to choose the option to "log web access only"
and put in the MAC addresses of the computers that will have full access to which your port filtering rules will not apply. As shown below. Make sure this rule is at the top of the list from the other rules.
Once this is all completed. reboot the router (since it's impossible to clear state tables). This will force clients to reconnect and adhere to your policies.