i want to block all ports using ufw except http/https, basically just to browse the web

i used this

this is my output

anything else i could do, maybe default disable outgoing by default?
is it ok to eliminate v6, i assume ipv6
is ok ALLOW OUT? as i understand this means connection that my pc starts to another ip


edit:
it seems my browser doesent work if i set default deny (outgoing)
after running 'lsof -i' it seems firefox has connections from local ports 56389 44274 22400 127612 to the websites's https (443)

but if i let any local port to connect to remote https, with something like this
sudo ufw allow out to any port 80
that leaves room for other programs (like possibly malware) to communicate

Start with the docs.
https://wiki.ubuntu.com/UncomplicatedFirewall
http://manpages.ubuntu.com/manpages/...an8/ufw.8.html

https://www.booleanworld.com/depth-g...inux-firewall/

Then allow through/block what you wish.

1 members found this post helpful.

Your desktop doesn't use port 80 (or port 443) to connect from your browser. Those ports are used by the remote web servers...those are the ports they listen on and respond from.

As you saw, your 'puter is using very high port numbers to connect outbound to remote servers. Yes, those ports (the high ones) need to be open to outbound traffic in order for you to be able to surf the web.

I don't use ufw, so can't help you with specifics...I just wanted to clarify that, unless you are running a web server, ports 80 and 443 on your machine are not used at all.