#1 2015-10-19 14:35:57

Banderas
Member
Registered: 2015-08-11
Posts: 12

Firewall and what ports unlock

Hi!
I want to use a firewall on my home PC. I'm thinking about shorewall but I have a small problem.
How do I know which ports to unlock? I'm using Steam, Pidgin, Thunderbird, Transmission, TeamSpeak etc.
How can I check which ports they need?

Last edited by Banderas (2015-10-19 15:42:32)


#2 2015-10-19 17:11:52

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: Firewall and what ports unlock

You need to find out which particular services need to be unblocked and get this information from the particular service. This Wikipedia page lists the most common services and the corresponding ports. For example, you can see that encrypted IMAP uses TCP port 993 (which is commonly used in Thunderbird). You can also see a list of open ports on your system with something like:

netstat --inet -p -a

Last edited by olive (2015-10-19 17:12:30)


#3 2015-10-19 20:59:22

ayekat
Member
Registered: 2011-01-17
Posts: 1,616

Re: Firewall and what ports unlock

I don't know all of those applications, but pidgin and thunderbird should normally not require any specific ports to be opened. Unless you are running some server, you seldom need to open ports.
Of course, the firewall needs to be configured in a way that valid response packets can still be accepted, and accepting ICMP packets (ping) is also considered good netizenship, and allowing all packets to loopback interfaces is recommended.



#4 2015-10-20 06:04:31

olive
Member
From: Belgium
Registered: 2008-06-22
Posts: 1,490

Re: Firewall and what ports unlock

ayekat wrote:

I don't know all of those applications, but pidgin and thunderbird should normally not require any specific ports to be opened. Unless you are running some server, you seldom need to open ports.
Of course, the firewall needs to be configured in a way that valid response packets can still be accepted, and accepting ICMP packets (ping) is also considered good netizenship, and allowing all packets to loopback interfaces is recommended.

Thunderbird does not require inbound ports, but it does require outbound ports. All internet access requires outbound ports. A firewall can block these as well. As for ping, your system will work properly without replying to it, and there is no point in pinging an arbitrary computer that is not a server. Anyway, most people these days connect via a router or a modem and do not have a directly visible IP address (you need to configure the router or modem to allow transferring ports if you want to set up a server). If this is your case, the router/modem will respond to ping, not the computer. You should obviously not block any port on the loopback interface.

Last edited by olive (2015-10-20 06:06:30)


#5 2015-10-20 08:12:32

SubS0
Member
Registered: 2015-02-10
Posts: 39

Re: Firewall and what ports unlock

Banderas wrote:

I'm thinking about shorewall but I have small problem.

Why not try iptables directly? Shorewall is just a frontend for iptables.
If your goal is to learn (?), you'll see it's not complicated and you'll learn (some) networking basics.
If you need more help, you should give more details.

@olive: netstat is obsolete (man netstat)

ss --ipv4 -tap

Last edited by SubS0 (2015-10-20 08:15:18)


#6 2015-10-21 02:16:47

Banderas
Member
Registered: 2015-08-11
Posts: 12

Re: Firewall and what ports unlock

OK, I will use iptables.
Do you know of an application that logs the ports that something wanted to open but could not?


#7 2015-10-21 06:42:00

ayekat
Member
Registered: 2011-01-17
Posts: 1,616

Re: Firewall and what ports unlock

iptables does that.

At the end of a chain (in which you drop packets by default), you could add something like

-A INPUT -m limit --limit 10/min -j LOG --log-prefix "drop-input " --log-level 7

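One way to turn the lines written by the LOG rule in post #7 into a per-port summary of what was dropped (an added example, not part of the original thread; the sample log lines are constructed and the function names are hypothetical):

```python
import re
from collections import Counter

PREFIX = "drop-input "  # the --log-prefix used in the rule from post #7
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; bare flags (SYN, DF) are skipped

# Constructed sample lines in the format the kernel's LOG target writes.
SAMPLE = """\
Oct 21 06:50:01 myhost kernel: drop-input IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=192.0.2.10 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1111 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 06:50:03 myhost kernel: drop-input IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=192.0.2.10 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1112 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 06:50:09 myhost kernel: drop-input IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=198.51.100.7 DST=192.168.1.20 LEN=53 TOS=0x00 PREC=0x00 TTL=49 ID=2222 PROTO=UDP SPT=40000 DPT=27015 LEN=33
Oct 21 06:50:30 myhost kernel: drop-input IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=192.0.2.10 DST=192.168.1.20 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=3333 PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Oct 21 06:51:00 myhost kernel: usb 1-2: new high-speed USB device number 4 using xhci_hcd
"""


def parse_line(line, prefix=PREFIX):
    """Return the KEY=value fields of one LOG line, or None if the prefix is absent."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    return dict(FIELD.findall(rest))


def summarize(lines, prefix=PREFIX):
    """Count logged drops per (protocol, destination port, source address)."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line, prefix)
        if fields is None:
            continue  # unrelated kernel message
        proto = fields.get("PROTO", "?")
        # ICMP has no ports, so report its TYPE instead of DPT.
        port = fields.get("DPT") or ("type " + fields["TYPE"] if "TYPE" in fields else "-")
        counts[(proto, port, fields.get("SRC", "?"))] += 1
    return counts


if __name__ == "__main__":
    for (proto, port, src), n in summarize(SAMPLE.splitlines()).most_common():
        print(f"{n:4d}  {proto:5} {port:>8}  from {src}")
```

On a systemd machine the same function can be fed the output of `journalctl -k`. Because the rule is limited to 10 log entries per minute, the counts are a lower bound, not a total.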
