Hi there,
Firstly regarding the open ports you mention:
- 631 is used by CUPS (printing)
- 5353 is multicast DNS
- I'm not sure what UDP ports 323 and 49575 are used for - which process does netstat say is using them?
Are these services listening on all interfaces (0.0.0.0:port in the "Local Address" column), or only on the loopback interface (127.0.0.1:port)?
Regarding nmap, the "nmap -A localhost" command doesn't scan UDP ports, which explains the difference between its output and that from netstat. Try "nmap -sU -A localhost" to see open UDP ports.
Regarding nmap/netstat vs the firewall rules, they can easily differ. If a service isn't running at the moment, it won't show in nmap/netstat. That doesn't mean it will be blocked by the firewall, though, so it might inadvertently become accessible if it is started. It's therefore better to block everything except the services you specifically want to be accessible, to future-proof the configuration a little.
To see what is actually open from a firewall point of view, it's best to look at the iptables listing. Start with the output from "sudo iptables -t filter -L".
Is the machine in question your workstation, or a server?
I'm afraid I'm not familiar with the specific firewall configuration tool you're using. From a quick online search it seems similar to other tools, though. Most likely what you are looking at is the ports which are open for connections from outside to your computer. Outgoing connections from your computer are usually allowed on all ports. If this is a workstation, you should not need to open these ports to the outside. For ports 80 and 443 for example, you only need them open if you're running a web server on your machine, and want to access it from another machine.
For ports 1025-65535, it looks like these were opened by default in F21 Workstation - see https://lwn.net/Articles/626302/. You should be able to safely close these in most cases.
If this doesn't answer your question, please post the output from the iptables command above, then we can elaborate further.
Regards,
Clifford
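As an added example, not part of Clifford's reply or the original thread, the following POSIX shell script ties the three checks above together: it classifies each listening socket from "netstat -tulpn"-style output by whether it is bound to all interfaces or only to loopback, builds the narrower "nmap -sU -p ..." command for just the UDP ports that are actually open, and cross-checks the all-interface listeners against the ACCEPT rules in an "iptables -t filter -L -n" listing. The sample netstat and iptables text is constructed for the example (the PIDs and program names are illustrative, not taken from the poster's machine), and the "--live" mode assumes net-tools and iptables are installed and that sudo is available.

```shell
#!/bin/sh
# Added example: listening sockets vs. firewall rules (not code from the original thread).

# Constructed sample in `sudo netstat -tulpn` layout. Program names and PIDs are illustrative.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      900/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1500/python3
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           655/avahi-daemon
udp        0      0 127.0.0.1:323           0.0.0.0:*                           700/chronyd
udp        0      0 0.0.0.0:49575           0.0.0.0:*                           655/avahi-daemon'

# Constructed sample in `sudo iptables -t filter -L INPUT -n` layout.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5353
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:1025:65535
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# stdin: netstat -tulpn output. stdout: "proto port scope program" per listening socket.
# scope is all-interfaces (0.0.0.0 / :: / *), loopback (127.0.0.1 / ::1) or specific.
classify_listeners() {
    awk '/^(tcp|udp)/ {
        n = split($4, a, ":")
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
        else if (addr == "127.0.0.1" || addr == "::1")          scope = "loopback"
        else                                                     scope = "specific"
        print $1, port, scope, $NF
    }'
}

# stdin: netstat -tulpn output. stdout: sorted, comma-separated list of open UDP ports.
udp_ports_csv() {
    awk '/^udp/ { n = split($4, a, ":"); print a[n] }' | sort -n -u | tr '\n' ',' | sed 's/,$//'
}

# Scanning only the ports netstat already reports is far faster than a full UDP sweep.
nmap_udp_cmd() {
    printf 'nmap -sU -A -p %s localhost\n' "$(udp_ports_csv)"
}

# stdin: iptables -L -n output. stdout: "proto low high" for every ACCEPT rule with dpt:/dpts:.
firewall_allowed_ports() {
    awk '$1 == "ACCEPT" {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dpt:/)       { p = substr($i, 5); print $2, p, p }
            else if ($i ~ /^dpts:/) { split(substr($i, 6), r, ":"); print $2, r[1], r[2] }
        }
    }'
}

# $1: netstat text, $2: iptables text. Reports each all-interface listener as reachable
# (some ACCEPT rule covers its proto/port) or blocked. Loopback listeners are skipped:
# they are not reachable from other hosts no matter what the firewall says.
check_exposure() {
    ce_allowed=$(printf '%s\n' "$2" | firewall_allowed_ports)
    printf '%s\n' "$1" | classify_listeners | awk -v allowed="$ce_allowed" '
        BEGIN {
            n = split(allowed, rules, "\n")
            for (i = 1; i <= n; i++) {
                split(rules[i], f, " "); rp[i] = f[1]; lo[i] = f[2] + 0; hi[i] = f[3] + 0
            }
        }
        $3 == "all-interfaces" {
            verdict = "blocked"
            for (i = 1; i <= n; i++)
                if (rp[i] == substr($1, 1, 3) && $2 + 0 >= lo[i] && $2 + 0 <= hi[i]) verdict = "reachable"
            print $1, $2, $4, verdict
        }'
}

if [ "${1:-}" = "--live" ]; then
    # Assumes net-tools (netstat), iptables and sudo are available on this host.
    check_exposure "$(sudo netstat -tulpn)" "$(sudo iptables -t filter -L -n)"
else
    check_exposure "$SAMPLE_NETSTAT" "$SAMPLE_IPTABLES"
fi
```

On the sample data the report shows sshd on 22, avahi on 5353 and the random high UDP port 49575 as reachable (the last one only because of the 1025-65535 range rule), and the python3 listener on 8080 as blocked; the loopback-only cupsd and chronyd sockets are not listed. Two caveats for real runs: "iptables -L" without "-v" hides the interface column, so an "ACCEPT all" rule that is really restricted to lo looks like an accept-everything rule, and this script only reads IPv4 rules, so repeat the listing with ip6tables for the tcp6/udp6 sockets. The cross-check also treats any ACCEPT with a dpt: match in any listed chain as allowed and does not follow chain jumps, so it is a first pass, not a substitute for reading the rules.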