MX 23 - Uncomplicated Firewall Configuration

FullScale4Me
Posts: 1185
Joined: Fri Jan 08, 2021 11:30 pm

MX 23 - Uncomplicated Firewall Configuration

#1 Post by FullScale4Me »

I wrote the firewall section for the MX21 ---> MX23 update of the MX User Manual. A continuation of the improvement of the Firewall documentation (MX User Manual section 4.5.1) is presented here.

PDF format - 4.5.1 Firewall Configuration https://fullscale4me.com/uncomplicated-firewall.pdf

Pasted below is the current (Updated: November 05, 2023) version.

4.5.1 Firewall Configuration

The "Firewall Configuration" is a GUI app used for the configuration of the "Uncomplicated Firewall", aka UFW. This makes it a simple task for novice users to configure their firewall.

This GUI app (gufw) is installed by default in Xfce and Fluxbox only. KDE users can search in MXPI for the package named ‘gufw’ to get the same "Firewall Configuration" app.

In MX Linux 23, the Firewall is enabled and set to ignore all Incoming connections. This may prevent discovery of printers and some popular applications from working correctly. Programs may wait a long time to connect and never do so, or give an error message. Some of these error messages are not very clear.

Printing via CUPS
Use the Firewall Configuration app and add the "Preconfigured" rule "CUPS". This adds a rule for port 631 for both TCP and UDP. Some printer drivers may use ports 139 & 445 over TCP.

Samba - file sharing
Samba uses just port 445 with the TCP protocol for the latest versions of Windows. To configure a "Simple" rule run the “Firewall Configuration” app:

• Click the Rules button and then +.
• Click the Simple tab.
• In Name: type “Samba – 445”.
• In Protocol: select TCP. In Port: type “445”.
• Click the “Add” button and then Close.


Example of adding a 'Simple' firewall exception rule for Samba – 445.

Samba Note: There are many other guides that show more ports being opened. They are for older versions of Samba and should NOT be used. Newer devices use SMB2 & SMB3. Enabling the additional port ranges as stated in those guides *MAY* result in data loss, Ransomware, Malware, and/or privacy issues.

Common Firewall Port usage

* Avahi 5353 UDP (common mDNS provider). Preconfigured rule: "PLEX Avahi discovery".
CIFS (Common Internet File System) UDP ports 137 and 138, and TCP ports 139 and 445. †
* CUPS IPP/PPS printing 631 TCP More - https://www.cups.org/doc/firewalls.html
AppSocket/JetDirect printing 9100-9102 TCP
DNS 53 both
* DropBox TCP 90, 443, 17600 & 17601 (3rd party file apps). TCP 17500 LAN Sync feature
Dukto 4644
* FTP 20 & 21
Hplip 5353 UDP
* KDE Connect - port range 1714-1764 for UDP and TCP
LocalSend 53317 TCP & UDP
* IRC 6697 (IRC SSL)
* mDNS 5353 UDP DNS Lookup. Preconfigured rule: "Multicast DNS" See also: Avahi.
* NFS 111 & 2049 TCP & UDP
* NTP/SNTP 123
OpenVPN 1194 TCP & UDP
Printing & SMB Printer sharing – see CUPS above.
Plex Media Server TCP: 32400
Remote Desktop 3389
* Samba (pre 2012 devices - SMB1/NT1) UDP ports 137 & 138; TCP ports 135, 137, 139 & 445. †
Samba modern: SMB version 2 & SMB version 3 implementations TCP port 445
Scrcpy 5555 TCP
SMB Printing see CUPS above.
Spotify uses port 4070 TCP by default. If it is unable to connect on that port, it will roll to port 443, then port 80
* SSH 22
Syncthing 22000 TCP & UDP - host-to-host 9806
* Teamviewer TCP/UDP 5938, TCP 443, TCP 80
* Transmission 51413.
* VNC 5500/5900/5901 both.
Warpinator 42000 and 42001. Flatpak adds 5353 UDP
Wormhole/Magic Wormhole connection to ‘Mailbox’ aka Rendezvous Server 4000 & 4001
WSDD port 5357 TCP and port 3702 UDP - Add two "Simple" type rules.

* = Use the "Preconfigured" application rule for these common devices.
† = Enabling the above additional port ranges *MAY* result in data loss, Ransomware, Malware (such as WannaCry), and/or privacy issues. TCP on ports 136 and 138 is no longer implemented.
‡ = The printer connection, if connected to via Samba (default for a shared printer) *may* require opening port 445 on TCP on PCs not hosting the printer connection.

More ports https://www.linuxtrainingacademy.com/ports/


Please direct ALL support requests to the MX Linux Forum -- https://forum.mxlinux.org

Created by: FullScale4Me: June, 2023 Updated: November 05, 2023
Michael O'Toole
MX Linux facebook group moderator
Dell OptiPlex 7050 i7-7700, MX Linux 23 Xfce & Win 11 Pro
HP Pavilion P2-1394 i3-2120T, MX Linux 23 Xfce & Win 10 Home
Dell Inspiron N7010 Intel Core i5 M 460, MX Linux 23 Xfce & KDE, Win 10
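
The Samba note and the † entries in post #1 can be checked against a machine's actual rule set. The following is an added example, not part of the original post or the MX User Manual: a shell function that reads `ufw status` output and lists every ALLOW rule that exposes the legacy ports 135, 137, 138 or 139. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): flag ufw ALLOW rules that expose the
# legacy SMB1/NetBIOS ports the post marks with a dagger.
LEGACY_PORTS="135 137 138 139"

# Reads `ufw status` text on stdin, prints one line per exposed legacy port.
audit_ufw_rules() {
    awk -v legacy="$LEGACY_PORTS" '
    BEGIN { n = split(legacy, lp, " ") }
    / ALLOW( |$)/ {                      # rule rows; also "ALLOW IN" (verbose)
        spec = $1; proto = "any"; src = "?"
        for (k = 2; k < NF; k++)         # source is the field after the action
            if ($k == "ALLOW") { f = k + 1; if ($f == "IN") f++; src = $f }
        if (split(spec, sp, "/") == 2) proto = sp[2]
        m = split(sp[1], items, ",")     # comma lists such as 137,138/udp
        for (i = 1; i <= m; i++) {
            lo = hi = items[i]
            if (split(items[i], r, ":") == 2) { lo = r[1]; hi = r[2] }  # ranges
            if (lo !~ /^[0-9]+$/ || hi !~ /^[0-9]+$/) continue  # named profile
            for (j = 1; j <= n; j++)
                if (lp[j] + 0 >= lo + 0 && lp[j] + 0 <= hi + 0)
                    printf "%s/%s allowed from %s (rule: %s)\n", lp[j], proto, src, spec
        }
    }'
}

# Constructed sample of `ufw status` output (not taken from a real system).
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
445/tcp                    ALLOW       Anywhere
631                        ALLOW       Anywhere
137,138/udp                ALLOW       Anywhere
135:139/tcp                ALLOW       192.168.1.0/24
5353/udp                   ALLOW       Anywhere
445/tcp (v6)               ALLOW       Anywhere (v6)
EOF
}

# Demo on the sample; on a live system: sudo ufw status | audit_ufw_rules
sample_status | audit_ufw_rules
```

The modern Samba rule (445/tcp) and the CUPS rule (631) pass without a finding; only the comma list and the port range that cover the legacy ports are reported.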

Jerry3904
Administrator
Posts: 23609
Joined: Wed Jul 19, 2006 6:13 am

Re: MX 23 - Uncomplicated Firewall Configuration

#2 Post by Jerry3904 »

Very impressive and clear, thanks!

We've got to think about how to handle the very good tip docs we have received.
Production: MX-23 Xfce, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 16 GB, SSD 120 GB, Data 1TB
Personal: MX-25 Fluxbox, ThinkPad X1 Carbon gen 9 with i7
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin
