diff --git a/src/mesh/Router.cpp b/src/mesh/Router.cpp
index 391c827de..cb67952b7 100644
--- a/src/mesh/Router.cpp
+++ b/src/mesh/Router.cpp
@@ -742,6 +742,22 @@ void Router::handleReceived(meshtastic_MeshPacket *p, RxSource src)
             cancelSending(p->from, p->id);
             skipHandle = true;
         }
+#if ARCH_PORTDUINO
+        if (portduino_config.whitelist_enabled) {
+            bool allowed = false;
+            for (const auto &port : portduino_config.whitelist_ports) {
+                if (port == p->decoded.portnum) {
+                    allowed = true;
+                    break;
+                }
+            }
+            if (!allowed) {
+                LOG_DEBUG("Dropping packet not on Portduino Whitelist");
+                cancelSending(p->from, p->id);
+                skipHandle = true;
+            }
+        }
+#endif
     } else {
         printPacket("packet decoding failed or skipped (no PSK?)", p);
     }
diff --git a/src/platform/portduino/PortduinoGlue.cpp b/src/platform/portduino/PortduinoGlue.cpp
index 4b9f2579c..1e1fa588b 100644
--- a/src/platform/portduino/PortduinoGlue.cpp
+++ b/src/platform/portduino/PortduinoGlue.cpp
@@ -843,7 +843,14 @@ bool loadConfig(const char *configPath)
             portduino_config.sfpp_backlog_limit = (yamlConfig["StoreAndForward"]["BacklogLimit"]).as<uint32_t>(100);
             portduino_config.sfpp_steal_port = (yamlConfig["StoreAndForward"]["StealPort"]).as<bool>(false);
         }
-
+        if (yamlConfig["Routing"]) {
+            if (yamlConfig["Routing"]["WhitelistPorts"]) {
+                portduino_config.whitelist_ports = (yamlConfig["Routing"]["WhitelistPorts"]).as<std::vector<int>>();
+                if (portduino_config.whitelist_ports.size() > 0) {
+                    portduino_config.whitelist_enabled = true;
+                }
+            }
+        }
         if (yamlConfig["General"]) {
             portduino_config.MaxNodes = (yamlConfig["General"]["MaxNodes"]).as<int>(200);
             portduino_config.maxtophone = (yamlConfig["General"]["MaxMessageQueue"]).as<int>(100);
diff --git a/src/platform/portduino/PortduinoGlue.h b/src/platform/portduino/PortduinoGlue.h
index 1179e8e00..d9c050d33 100644
--- a/src/platform/portduino/PortduinoGlue.h
+++ b/src/platform/portduino/PortduinoGlue.h
@@ -2,6 +2,7 @@
 #include <fstream>
 #include <map>
 #include <unordered_map>
+#include <vector>
 
 #include "LR11x0Interface.h"
 #include "Module.h"
@@ -184,6 +185,10 @@ extern struct portduino_config_struct {
     // Are we allowing unknown channel hashes? Does this even make sense?
     // Allow DMs
 
+    // Routing
+    bool whitelist_enabled = false;
+    std::vector<int> whitelist_ports = {};
+
     // General
     std::string mac_address = "";
     bool mac_address_explicit = false;
@@ -518,6 +523,13 @@ extern struct portduino_config_struct {
             out << YAML::EndMap; // StoreAndForward
         }
 
+        // Routing
+        if (whitelist_enabled) {
+            out << YAML::Key << "Routing" << YAML::Value << YAML::BeginMap;
+            out << YAML::Key << "WhitelistPorts" << YAML::Value << whitelist_ports;
+            out << YAML::EndMap; // Routing
+        }
+
         // General
         out << YAML::Key << "General" << YAML::Value << YAML::BeginMap;
         if (config_directory != "")