LinuxQuestions.org
Old 10-18-2021, 04:53 PM   #1
PsychoHermit
Member
 
Registered: Aug 2021
Location: Carson City Nevada
Distribution: Debian Testing
Posts: 137

Outbound firewall ports


Hi Folks,

I'm seeing blocked outbound traffic on my firewall and am wondering what ports I should have open on my firewall. And should I be concerned about any of this?

I have 53,67,68,123,5353/udp and 53,80,443/tcp open. I use gmail so I don't need the mail ports open.

Thanks for looking,
--glenn

Code:
Oct 17 00:21:05 PsychoBox kernel: [  210.153820] [UFW BLOCK] IN= OUT=wlo1 SRC=192.168.1.111 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=42985 DF PROTO=UDP SPT=60132 DPT=137 LEN=58 
Oct 17 00:21:17 PsychoBox kernel: [  221.761772] [UFW BLOCK] IN= OUT=wlo1 SRC=2600:6c4e:2e7f:f1e0:1023:6f5e:4516:17cb DST=2607:f8b0:4007:0817:0000:0000:0000:2003 LEN=1385 TC=0 HOPLIMIT=64 FLOWLBL=597713 PROTO=UDP SPT=35923 DPT=443 LEN=1345 
Oct 17 00:21:37 PsychoBox kernel: [  242.295433] [UFW BLOCK] IN=wlo1 OUT= MAC=01:00:5e:00:00:01:c4:41:1e:6c:4a:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=42234 PROTO=2 
Oct 17 00:21:37 PsychoBox kernel: [  242.296276] [UFW BLOCK] IN=wlo1 OUT= MAC=01:00:5e:00:00:01:c4:41:1e:6c:4a:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=42234 PROTO=2 
Oct 17 00:21:37 PsychoBox kernel: [  242.297209] [UFW BLOCK] IN=wlo1 OUT= MAC=01:00:5e:00:00:01:c4:41:1e:6c:4a:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=42234 PROTO=2 
Oct 17 00:22:37 PsychoBox kernel: [  302.307711] [UFW BLOCK] IN= OUT=wlo1 SRC=2600:6c4e:2e7f:f1e0:1023:6f5e:4516:17cb DST=2607:f8b0:4007:0817:0000:0000:0000:2004 LEN=1385 TC=0 HOPLIMIT=64 FLOWLBL=159843 PROTO=UDP SPT=51138 DPT=443 LEN=1345 
Oct 17 00:23:00 PsychoBox kernel: [  324.574169] [UFW BLOCK] IN= OUT=wlo1 SRC=2600:6c4e:2e7f:f1e0:1023:6f5e:4516:17cb DST=2607:f8b0:4023:0c0d:0000:0000:0000:005f LEN=1385 TC=0 HOPLIMIT=64 FLOWLBL=699970 PROTO=UDP SPT=37013 DPT=443 LEN=1345 
Oct 17 00:23:43 PsychoBox kernel: [  367.663402] [UFW BLOCK] IN=wlo1 OUT= MAC=01:00:5e:00:00:01:c4:41:1e:6c:4a:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=4192 PROTO=2 
Oct 17 00:23:43 PsychoBox kernel: [  367.664201] [UFW BLOCK] IN=wlo1 OUT= MAC=01:00:5e:00:00:01:c4:41:1e:6c:4a:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=4192 PROTO=2 
Oct 17 00:23:43 PsychoBox kernel: [  367.665664] [UFW BLOCK] IN=wlo1 OUT= MAC=01:00:5e:00:00:01:c4:41:1e:6c:4a:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=4192 PROTO=2

Last edited by PsychoHermit; 10-18-2021 at 05:03 PM.
 
Old 10-18-2021, 05:48 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,658

Quote:
Originally Posted by PsychoHermit
Hi Folks,
I'm seeing blocked outbound traffic on my firewall and am wondering what ports I should have open on my firewall.
No idea...we don't know what (if any) services you need running that need access out of your firewall, or anything about your internal network or the rest of your setup.
Quote:
And should I be concerned about any of this? I have 53,67,68,123,5353/udp and 53,80,443/tcp open. I use gmail so I don't need the mail ports open.

Seems to be a common thread:
https://www.linuxquestions.org/quest...ed-4175702237/
https://www.linuxquestions.org/quest...up-4175702190/

Are you running a boot server? If not, then stop whatever service is providing that (67 & 68). 53 is DNS. 80/443 are web (are you running a web server?) and 5353 is a plex media server (are you running one?) This is your third thread that's firewall/have-I-been-compromised related. Best network security advice is: if you don't need the service, then close the port.
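Added example, not part of either post: a small parser that groups the `[UFW BLOCK]` lines from the log excerpt by direction, protocol and destination port, and checks each blocked outbound flow against the allow-list given in the first post. The three sample lines are copied from the thread; the function names are hypothetical.

```python
import re
from collections import Counter

# Outbound allow-list exactly as stated in the first post.
ALLOWED_OUT = ({("UDP", p) for p in (53, 67, 68, 123, 5353)}
               | {("TCP", p) for p in (53, 80, 443)})

# Three lines copied from the thread's log excerpt, one per traffic pattern.
SAMPLE = """\
Oct 17 00:21:05 PsychoBox kernel: [  210.153820] [UFW BLOCK] IN= OUT=wlo1 SRC=192.168.1.111 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=42985 DF PROTO=UDP SPT=60132 DPT=137 LEN=58
Oct 17 00:21:17 PsychoBox kernel: [  221.761772] [UFW BLOCK] IN= OUT=wlo1 SRC=2600:6c4e:2e7f:f1e0:1023:6f5e:4516:17cb DST=2607:f8b0:4007:0817:0000:0000:0000:2003 LEN=1385 TC=0 HOPLIMIT=64 FLOWLBL=597713 PROTO=UDP SPT=35923 DPT=443 LEN=1345
Oct 17 00:21:37 PsychoBox kernel: [  242.295433] [UFW BLOCK] IN=wlo1 OUT= MAC=01:00:5e:00:00:01:c4:41:1e:6c:4a:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=42234 PROTO=2
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Parse one kernel log line; return None unless it is a [UFW BLOCK] entry."""
    _, tag, rest = line.partition("[UFW BLOCK]")
    if not tag:
        return None
    f = dict(FIELD.findall(rest))
    # Netfilter logging fills IN= for received packets, OUT= for sent ones,
    # and both for forwarded packets.
    direction = "out" if not f.get("IN") else ("fwd" if f.get("OUT") else "in")
    # Protocols without ports (e.g. PROTO=2, IGMP) carry no DPT field.
    dpt = int(f["DPT"]) if "DPT" in f else None
    return {"dir": direction, "proto": f.get("PROTO", "?"), "dpt": dpt,
            "src": f.get("SRC"), "dst": f.get("DST")}

def summarise(text):
    """Count blocked packets per (direction, protocol, destination port)."""
    rows = filter(None, map(parse_line, text.splitlines()))
    return Counter((r["dir"], r["proto"], r["dpt"]) for r in rows)

def outbound_gaps(text):
    """Map each blocked outbound (proto, port) to the protocols the allow-list opens on that port."""
    gaps = {}
    for direction, proto, dpt in summarise(text):
        if direction == "out":
            gaps[(proto, dpt)] = sorted(p for p, n in ALLOWED_OUT if n == dpt)
    return gaps

if __name__ == "__main__":
    for key, n in sorted(summarise(SAMPLE).items(), key=str):
        print(n, *key)
    print(outbound_gaps(SAMPLE))
```

On these lines the outbound blocks are UDP to port 137 and UDP to port 443; the allow-list opens 443 for TCP only, which is why the UDP packets to that port are logged. The third line is inbound IP protocol 2 (IGMP) from the router to the all-hosts multicast address, not outbound traffic.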
 
  

