
Thread: [SOLVED] Which ports to involve with firewall?


  1. #1

    [SOLVED] Which ports to involve with firewall?

    If I use the common familiar Linux firewall stuff, how do I know which ports to edit?
    This is the main stumbling block I have so my systems end up insecure and the hackers in this area are fierce.

    Please help, if you can.

    I'm in between distros for now, so I have nothing in front of me yet.

    SOLVED: See posts by 'TheFu' in this thread.
    Thanks 'TheFu' ! Awesome response.
    Last edited by 909mjolnir; May 29th, 2024 at 11:12 PM. Reason: TheFu (user) posted a viable solution and referenced a file list

  2. #2
    currentshaft

    Re: Which ports to involve with firewall?

    What do you mean by "edit"? Blocking ports is typically not necessary unless you're planning on vising untrusted networks, and even then the default Ubuntu installation does not really expose anything.

  3. #3

    Re: Which ports to involve with firewall?

    @currentshaft :

    Yeah, I've heard that before, years ago. But it just isn't true anymore. There are tons of articles since about 2019 talking about Linux's need for better security defaults and implementation. I can't find hardly any tutorials yet.

  4. #4
    currentshaft

    Re: Which ports to involve with firewall?

    Quote Originally Posted by 909mjolnir View Post
    @currentshaft :

    Yeah, I've heard that before, years ago. But it just isn't true anymore. There's tone of articles since about 2019 talking about Linux's need for better security defaults and implementation. I can't find hardy any tutorials yet.
    It is true. The burden is on you to provide objective evidence to the contrary. A vague first-hand recollection of some 5 year old "articles" does not suffice for the same. The lack of "hardy any tutorials [sic]" is proof you don't need to worry about this problem.

    If you want to care about security, that's great, but the network firewall is not something to concern yourself with, unless you travel to sketchy places, and even then the default set of services on Ubuntu presents no risk.

  5. #5
    #&thj^%

    Re: Which ports to involve with firewall?

    This looks interesting: https://safing.io/

    It will take a small learning curve.

  6. #6

    Re: Which ports to involve with firewall?

    Quote Originally Posted by 909mjolnir View Post
    if I use the common familiar Linux firewall stuff
    What does that mean?

    Are you using a GUI frontend?

    There are many threads on the forum that discuss ports and basic rules about what to block (or not).

    Would be worthwhile searching for them I think.

  7. #7

    Re: Which ports to involve with firewall?

    I use GUFW, which I enable and then set to 'public'. It does most of the basic 'firewall stuff' that is needed.

  8. #8

    Re: Which ports to involve with firewall?

    For high security, block everything coming in and everything going out. Then open outbound ports in the firewall that are needed for the specific things you do.

    For example, do you want to connect to a mail server for reading and replying to email? That's usually port 465/tcp (SMTPs) and 993/tcp (IMAPS).

    Do you want to access remote websites? Those use port 80/tcp and 443/tcp, typically. Streaming videos may hop to a different port and may use UDP instead of TCP.
    You'll likely want DNS to be allowed. Depending on which type of DNS you use, that can be on port 53/udp or 53/tcp or if you use DNS-over-HTTPS, that would use 443/tcp.

    Want to print to a network printer? CUPS is usually on port 631/tcp.

    The major ports used for different network services are listed in the /etc/services file. May want to review that.

    CIFS, NFS, ssh, are a few other things commonly used.

    What most people do is to block all incoming connections, then allow all outbound connections on their workstations. Then they would add specific rules for the inbound network services only if needed. You can allow those for any systems on the same subnet or for specific IPs on the subnet. If you do specific IPs, then you'll need to have a well-managed network.
    For one of my LAN servers, here are all the inbound firewall rules:
    Code:
    $ sudo ufw status
    Status: active
    
    To                         Action      From
    --                         ------      ----
    4949/tcp                   ALLOW       172.22.22.4               
    111                        ALLOW       172.22.22.0/24            
    2049                       ALLOW       172.22.22.0/24            
    22/tcp                     ALLOW       172.22.22.0/24            
    8096                       ALLOW       172.22.22.0/24            
    13025                      ALLOW       172.22.22.0/24            
    5353                       ALLOW       172.22.22.0/24            
    3142                       ALLOW       172.22.22.0/24             # apt-cacher-ng
    1900                       ALLOW       172.22.22.0/24             # DLNA
    6600                       ALLOW       172.22.22.0/24            
    123/udp                    ALLOW       172.22.22.0/24            
    7359/udp                   ALLOW       172.22.22.0/24             # Jellyfin Discovery UDP
    8000                       ALLOW       172.22.22.0/24             # Jellyfin TV Icons
    8181                       ALLOW       172.22.22.0/24
    Each was carefully selected for specific reasons. Another server has these rules:
    Code:
    $ sudo ufw status
    Status: active
    
    To                         Action      From
    --                         ------      ----
    631                        ALLOW       172.22.22.0/24            # Printing
    22                         ALLOW       172.22.22.0/24            # ssh
    4949/tcp                   ALLOW       172.22.22.4
    5353/udp                   ALLOW       Anywhere                  # zeroconf/avahi/mdns
    2049                       ALLOW       172.22.22.0/24            # NFS
    13025                      ALLOW       172.22.22.0/24            # NFS
    111                        ALLOW       172.22.22.0/24            # ident
    My desktop has these rules:
    Code:
    $ sudo ufw status
    Status: active
    
    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW       Anywhere                  
    4949/tcp                   ALLOW       172.22.22.4
    I figured seeing real examples would be helpful. These are only the rules controlled by UFW. I have some other rules that get added dynamically when using VPN software. My VPN server has a bunch of rules to allow connections between different subnets.
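    A small added check, written for this thread rather than taken from TheFu or the ufw project: it parses output in the `ufw status` layout shown above and flags ALLOW rules that are broader than the "only from the same subnet" policy the post recommends. The sample rows and the 172.22.22.0/24 LAN are copied from the post; the rule names and finding texts are this example's own.

```python
import ipaddress
import re
from typing import List, NamedTuple
# Constructed sample in the `ufw status` layout shown above; the rows are
# copied from the second-server and desktop examples in the post.
SAMPLE_UFW_STATUS = """\
To                         Action      From
--                         ------      ----
631                        ALLOW       172.22.22.0/24            # Printing
22/tcp                     ALLOW       Anywhere
4949/tcp                   ALLOW       172.22.22.4
5353/udp                   ALLOW       Anywhere                  # zeroconf/avahi/mdns
2049                       ALLOW       172.22.22.0/24            # NFS
"""

class Rule(NamedTuple):
    port: int
    proto: str      # "tcp", "udp", or "any" when ufw prints no protocol
    action: str
    src: str
    comment: str

# One `ufw status` row: port[/proto], action, source (maybe "Anywhere (v6)"), optional "# comment".
RULE_RE = re.compile(r"^(\d+)(?:/(tcp|udp))?\s+(ALLOW|DENY|REJECT|LIMIT)\s+"
                     r"(\S+(?: \(v6\))?)\s*(?:#\s*(.*))?$")

def parse_ufw_status(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:  # header, separator and "Status:" lines never match
            port, proto, action, src, comment = m.groups()
            rules.append(Rule(int(port), proto or "any", action, src, (comment or "").strip()))
    return rules

def audit(rules: List[Rule], lan: str = "172.22.22.0/24") -> List[str]:
    # Flag ALLOW rules broader than "only from hosts on my own subnet".
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for r in rules:
        if r.action != "ALLOW":
            continue
        if r.src.startswith("Anywhere"):
            findings.append(f"{r.port}/{r.proto}: open to any source, not just {lan}")
        elif not ipaddress.ip_network(r.src, strict=False).subnet_of(lan_net):
            findings.append(f"{r.port}/{r.proto}: source {r.src} is outside {lan}")
        if r.proto == "any":
            findings.append(f"{r.port}: no protocol given, so both tcp and udp are allowed")
    return findings
```

    Run `audit(parse_ufw_status(open_text))` on the real `sudo ufw status` output to get the same list for your own host.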

  9. #9

    The Antwerd (answer) Which firewall ports?

    @TheFu

    My god, man, you have the answer.
    I don't know how anybody ever learns this stuff.
    It's not exactly common knowledge.

    Thanks so much.
    I will see if I can give it a go eventually.
    I don't want to mess up my internet.

    But thanks! Seems like the answer.

    Quote Originally Posted by TheFu View Post
    For high security, block everything coming in and everything going out. Then open outbound ports in the firewall that are needed for the specific things you do.

    For example, do you want to connect to a mail server for reading and replying to email? That's usually port 465/tcp (SMTPs) and 993/tcp (IMAPS).

    Do you want to access remote websites? Those use port 80/tcp and 443/tcp, typically. Streaming videos may hop to a different port and may use UDP instead of TCP.
    You'll likely want DNS to be allowed. Depending on which type of DNS you use, that can be on port 53/udp or 53/tcp or if you use DNS-over-HTTPS, that would use 443/tcp.

    Want to print to a network printer? CUPS is usually on port 631/tcp.

    The major ports used for different network services are listed in the /etc/services file. May want to review that.

    CIFS, NFS, ssh, are a few other things commonly used.

    What most people do is to block all incoming connections, then allow all outbound connections on their workstations. Then they would add specific rules for the inbound network services only if needed. You can allow those for any systems on the same subnet or for specific IPs on the subnet. If you do specific IPs, then you'll need to have a well-managed network.
    For one of my LAN servers, here are all the inbound firewall rules:
    Code:
    $ sudo ufw status
    Status: active
    
    To                         Action      From
    --                         ------      ----
    4949/tcp                   ALLOW       172.22.22.4               
    111                        ALLOW       172.22.22.0/24            
    2049                       ALLOW       172.22.22.0/24            
    22/tcp                     ALLOW       172.22.22.0/24            
    8096                       ALLOW       172.22.22.0/24            
    13025                      ALLOW       172.22.22.0/24            
    5353                       ALLOW       172.22.22.0/24            
    3142                       ALLOW       172.22.22.0/24             # apt-cacher-ng
    1900                       ALLOW       172.22.22.0/24             # DLNA
    6600                       ALLOW       172.22.22.0/24            
    123/udp                    ALLOW       172.22.22.0/24            
    7359/udp                   ALLOW       172.22.22.0/24             # Jellyfin Discovery UDP
    8000                       ALLOW       172.22.22.0/24             # Jellyfin TV Icons
    8181                       ALLOW       172.22.22.0/24
    Each was carefully selected for specific reasons. Another server has these rules:
    Code:
    $ sudo ufw status
    Status: active
    
    To                         Action      From
    --                         ------      ----
    631                        ALLOW       172.22.22.0/24            # Printing
    22                         ALLOW       172.22.22.0/24            # ssh
    4949/tcp                   ALLOW       172.22.22.4
    5353/udp                   ALLOW       Anywhere                  # zeroconf/avahi/mdns
    2049                       ALLOW       172.22.22.0/24            # NFS
    13025                      ALLOW       172.22.22.0/24            # NFS
    111                        ALLOW       172.22.22.0/24            # ident
    My desktop has these rules:
    Code:
    $ sudo ufw status
    Status: active
    
    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW       Anywhere                  
    4949/tcp                   ALLOW       172.22.22.4
    I figured seeing real examples would be helpful. These are only the rules controlled by UFW. I have some other rules that get added dynamically when using VPN software. My VPN server has a bunch of rules to allow connections between different subnets.

  10. #10
    currentshaft

    Re: Which ports to involve with firewall?

    With all due respect, a traditional firewall as you've described is effectively 100% security theater which is not going to prevent Real Bad Things(tm) from happening.

    Local malware will just use TCP port 443, the same port which is allowed for web browsing.

    If anything, these sort of firewalls actually worsen security because they provide a false sense of protection, by creating a proverbial moat which appears impenetrable but is in reality a weak and meaningless boundary.

    If you want security, do not install and expose unnecessary services, and those which are exposed should use mutual authentication based on strong crypto. This is also known as "zero trust".
