Hi!
I want to use a firewall on my home PC. I'm thinking about shorewall but I have a small problem.
How do I know which ports to unlock? I'm using steam, pidgin, thunderbird, transmission, teamspeak etc.
How can I check what ports they need?
Last edited by Banderas (2015-10-19 15:42:32)
Offline
You need to find out which particular services need to be unblocked and get this information from the particular service. This Wikipedia page lists the most common services and the corresponding ports. For example, you can see that encrypted IMAP uses TCP port 993 (which is commonly used in Thunderbird). You can also see a list of open ports on your system with something like:
netstat --inet -p -a
Last edited by olive (2015-10-19 17:12:30)
Offline
I don't know all of those applications, but pidgin and thunderbird should normally not require any specific ports to be opened. Unless you are running some server, you seldom need to open ports.
Of course, the firewall needs to be configured in a way that valid response packets can still be accepted, and accepting ICMP packets (ping) is also considered good netizenship, and allowing all packets to loopback interfaces is recommended.
Offline
> I don't know all of those applications, but pidgin and thunderbird should normally not require any specific ports to be opened. Unless you are running some server, you seldom need to open ports.
> Of course, the firewall needs to be configured in a way that valid response packets can still be accepted, and accepting ICMP packets (ping) is also considered good netizenship, and allowing all packets to loopback interfaces is recommended.
Thunderbird does not require inbound ports, but it does require outbound ports. All internet access requires outbound ports. A firewall can block these as well. As for ping, your system will work properly without replying to it, and there is no point in pinging an arbitrary computer that is not a server. Anyway, most people these days connect via a router or a modem and do not have a directly visible IP address (you need to configure the router or modem to allow transferring ports if you want to set up a server). If this is your case, the router/modem will respond to ping, not the computer. You should obviously not block any port on the loopback interface.
Last edited by olive (2015-10-20 06:06:30)
Offline
> I'm thinking about shorewall but I have a small problem.
Why not try iptables directly? Shorewall is just a frontend for iptables.
If your goal is to learn (?), you'll see it's not complicated and you'll learn (some) networking basics.
If you need more help, you should give more details.
@olive: netstat is obsolete (man netstat)
ss --ipv4 -tap
Last edited by SubS0 (2015-10-20 08:15:18)
Offline
OK, I will use iptables.
Do you know of an application that writes logs about ports that wanted to open but could not?
Offline
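Added example, not part of the original thread: a small shell function that prints an iptables ruleset combining the points made above (loopback and response packets accepted, ping answered, everything else inbound logged before it is dropped). The function name gen_rules, the log prefix and the port 51413 are assumptions made for illustration; take the real inbound ports from each application's own settings.

```shell
#!/bin/sh
# gen_rules PORT/PROTO...  prints an IPv4 ruleset in iptables-restore format.
# Hypothetical helper for illustration. Check the output before loading it:
#   gen_rules 51413/tcp | iptables-restore --test
gen_rules() {
    # Validate every argument first so a bad one produces no partial ruleset.
    for spec in "$@"; do
        port=${spec%/*}
        proto=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec' (want PORT/tcp or PORT/udp)" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
    done
    # Inbound is dropped by default; outbound stays open, so clients such as
    # a mail or chat program need no rule of their own.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
    # One rule per port on which this machine accepts new connections.
    for spec in "$@"; do
        printf '%s\n' "-A INPUT -p ${spec#*/} --dport ${spec%/*} -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Whatever reaches this point is about to hit the DROP policy: log it,
    # rate-limited, to the kernel log (read it with dmesg or journalctl -k).
    cat <<'EOF'
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}
```

The ruleset covers IPv4 only; IPv6 traffic is filtered separately by ip6tables.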