firewalld services info - cockpit-project/cockpit GitHub Wiki
Firewalld services
Information from firewalld service files
(located at /usr/lib/firewalld/services/), with port information
cross-referenced with /etc/services
Amanda Backup Client
The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful.
Required module: nf_conntrack_amanda
| Port | Protocol | Service Info |
|---|---|---|
| 10080 | udp | amanda backup services amanda |
| 10080 | tcp | amanda backup services amanda |
Amanda Backup Client (kerberized)
The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. This service specifically allows krb5 authentication
Required module: nf_conntrack_amanda
| Port | Protocol | Service Info |
|---|---|---|
| 10082 | tcp | amanda backup services amandaidx |
Bacula
Bacula is a network backup solution. Enable this option, if you plan to provide Bacula backup, file and storage services.
| Port | Protocol | Service Info |
|---|---|---|
| 9101 | tcp | Bacula Director bacula-dir |
| 9102 | tcp | Bacula File Daemon bacula-fd |
| 9103 | tcp | Bacula Storage Daemon bacula-sd |
Bacula Client
This option allows a Bacula server to connect to the local machine to schedule backups. You need the bacula-client package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 9102 | tcp | Bacula File Daemon bacula-fd |
Bitcoin
The default port used by Bitcoin. Enable this option if you plan to be a full Bitcoin node.
| Port | Protocol | Service Info |
|---|---|---|
| 8333 | tcp |
Bitcoin RPC
Enable this option if you need access to the Bitcoin RPC interface. This is not required when connecting on localhost.
| Port | Protocol | Service Info |
|---|---|---|
| 8332 | tcp |
Bitcoin testnet
The default port used by Bitcoin testnet. Enable this option if you plan to be a Bitcoin full node on the test network.
| Port | Protocol | Service Info |
|---|---|---|
| 18333 | tcp |
Bitcoin testnet RPC
Enable this option if you need access to the Bitcoin RPC interface running on the testnet. This is not required when connecting on localhost.
| Port | Protocol | Service Info |
|---|---|---|
| 18332 | tcp |
ceph
Ceph is a distributed object store and file system. Enable this option to support Ceph's Object Storage Daemons (OSD) or Metadata Server Daemons (MDS).
| Port | Protocol | Service Info |
|---|---|---|
| 6800-7300 | tcp |
ceph-mon
Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon.
| Port | Protocol | Service Info |
|---|---|---|
| 3300 | tcp | |
| 6789 | tcp | SMC-HTTPS smc-https |
CFEngine
CFEngine server
| Port | Protocol | Service Info |
|---|---|---|
| 5308 | tcp | CFengine cfengine |
Cockpit
Cockpit lets you access and configure your server remotely.
| Port | Protocol | Service Info |
|---|---|---|
| 9090 | tcp | WebSM websm |
HT Condor Collector
The HT Condor Collector is needed to organize the condor worker nodes.
| Port | Protocol | Service Info |
|---|---|---|
| 9618 | tcp | Condor Collector Service condor |
CTDB
CTDB is a cluster implementation of the TDB database used by Samba and other projects to store temporary data.
| Port | Protocol | Service Info |
|---|---|---|
| 4379 | tcp | CTDB ctdb |
| 4379 | udp | CTDB ctdb |
DHCP
This allows a DHCP server to accept messages from DHCP clients and relay agents.
| Port | Protocol | Service Info |
|---|---|---|
| 67 | udp | bootps |
DHCPv6
This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents.
| Port | Protocol | Service Info |
|---|---|---|
| 547 | udp | dhcpv6-server |
DHCPv6 Client
This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server.
Destination:
- ipv6:
fe80::/64
| Port | Protocol | Service Info |
|---|---|---|
| 546 | udp | dhcpv6-client |
DNS
The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).
| Port | Protocol | Service Info |
|---|---|---|
| 53 | tcp | name-domain server domain |
| 53 | udp | domain |
Docker Registry
Docker Registry is the protocol used to serve Docker images. If you plan to make your Docker Registry server publicly available, enable this option. This option is not required for developing Docker images locally.
| Port | Protocol | Service Info |
|---|---|---|
| 5000 | tcp | commplex-main |
dropboxlansync
Dropbox LAN sync
| Port | Protocol | Service Info |
|---|---|---|
| 17500 | udp | Dropbox LanSync Discovery db-lsp-disc |
| 17500 | tcp | Dropbox LanSync Protocol db-lsp |
Elasticsearch
Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.
| Port | Protocol | Service Info |
|---|---|---|
| 9300 | tcp | Virtual Racing Service vrace |
| 9200 | tcp | WAP connectionless session service wap-wsp |
FreeIPA with LDAP
FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option if you plan to provide a FreeIPA Domain Controller using the LDAP protocol. You can also enable the 'freeipa-ldaps' service if you want to provide the LDAPS protocol. Enable the 'dns' service if this FreeIPA server provides DNS services and 'freeipa-replication' service if this FreeIPA server is part of a multi-master replication setup.
| Port | Protocol | Service Info |
|---|---|---|
| 80 | tcp | WorldWideWeb HTTP http www www-http |
| 443 | tcp | http protocol over TLS/SSL https |
| 88 | tcp | Kerberos v5 kerberos kerberos5 krb5 |
| 88 | udp | Kerberos v5 kerberos kerberos5 krb5 |
| 464 | tcp | Kerberos "passwd" kpasswd kpwd |
| 464 | udp | Kerberos "passwd" kpasswd kpwd |
| 123 | udp | Network Time Protocol ntp |
| 389 | tcp | ldap |
FreeIPA with LDAPS
FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option if you plan to provide a FreeIPA Domain Controller using the LDAPS protocol. You can also enable the 'freeipa-ldap' service if you want to provide the LDAP protocol. Enable the 'dns' service if this FreeIPA server provides DNS services and 'freeipa-replication' service if this FreeIPA server is part of a multi-master replication setup.
| Port | Protocol | Service Info |
|---|---|---|
| 80 | tcp | WorldWideWeb HTTP http www www-http |
| 443 | tcp | http protocol over TLS/SSL https |
| 88 | tcp | Kerberos v5 kerberos kerberos5 krb5 |
| 88 | udp | Kerberos v5 kerberos kerberos5 krb5 |
| 464 | tcp | Kerberos "passwd" kpasswd kpwd |
| 464 | udp | Kerberos "passwd" kpasswd kpwd |
| 123 | udp | Network Time Protocol ntp |
| 636 | tcp | LDAP over SSL ldaps |
FreeIPA replication
FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option if you want to enable LDAP replication between FreeIPA servers.
| Port | Protocol | Service Info |
|---|---|---|
| 7389 | tcp |
FreeIPA trust setup
FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option of you plan to deploy cross-forest trusts with FreeIPA and Active Directory
| Port | Protocol | Service Info |
|---|---|---|
| 135 | tcp | DCE endpoint resolution epmap |
| 138-139 | tcp | NETBIOS Datagram Service netbios-dgm |
| 138-139 | udp | netbios-dgm |
| 389 | tcp | ldap |
| 389 | udp | ldap |
| 445 | tcp | microsoft-ds |
| 445 | udp | microsoft-ds |
| 1024-1300 | tcp | |
| 3268 | tcp | Microsoft Global Catalog msft-gc |
FTP
FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.
Required module: nf_conntrack_ftp
| Port | Protocol | Service Info |
|---|---|---|
| 21 | tcp | ftp |
ganglia-client
Ganglia monitoring daemon
| Port | Protocol | Service Info |
|---|---|---|
| 8660 | tcp |
ganglia-master
Ganglia collector
| Port | Protocol | Service Info |
|---|---|---|
| 8651 | tcp |
Red Hat High Availability
This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd.
| Port | Protocol | Service Info |
|---|---|---|
| 2224 | tcp | Easy Flexible Internet/Multiplayer Games efi-mg |
| 3121 | tcp | pacemaker remote service pcmk-remote |
| 5403 | tcp | HPOMS-CI-LSTN hpoms-ci-lstn |
| 5404 | udp | HPOMS-DPS-LSTN hpoms-dps-lstn |
| 5405 | udp | NetSupport netsupport |
| 21064 | tcp |
WWW (HTTP)
HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.
| Port | Protocol | Service Info |
|---|---|---|
| 80 | tcp | WorldWideWeb HTTP http www www-http |
Secure WWW (HTTPS)
HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 443 | tcp | http protocol over TLS/SSL https |
IMAP
The Internet Message Access Protocol(IMAP) allows a local client to access email on a remote server. If you plan to provide a IMAP service (e.g. with dovecot), enable this option.
| Port | Protocol | Service Info |
|---|---|---|
| 143 | tcp | Interim Mail Access Proto v2 imap imap2 |
IMAP over SSL
The Internet Message Access Protocol over SSL (IMAPs) allows a local client to access email on a remote server in a secure way. If you plan to provide a IMAP over SSL service (e.g. with dovecot), enable this option.
| Port | Protocol | Service Info |
|---|---|---|
| 993 | tcp | IMAP over SSL imaps |
Network Printing Server (IPP)
The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network.
| Port | Protocol | Service Info |
|---|---|---|
| 631 | tcp | Internet Printing Protocol ipp |
| 631 | udp | Internet Printing Protocol ipp |
Network Printing Client (IPP)
The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option.
| Port | Protocol | Service Info |
|---|---|---|
| 631 | udp | Internet Printing Protocol ipp |
IPsec
Internet Protocol Security (IPsec) incorporates security for network transmissions directly into the Internet Protocol (IP). IPsec provides methods for both encrypting data and authentication for the host or network it sends to. If you plan to use a vpnc server or FreeS/WAN, do not disable this option.
| Port | Protocol | Service Info |
|---|---|---|
| ah | ||
| esp | ||
| 500 | udp | isakmp |
| 4500 | udp | IPsec NAT-Traversal ipsec-nat-t |
iSCSI target
Internet SCSI target is a storage resource located on an iSCSI server.
| Port | Protocol | Service Info |
|---|---|---|
| 3260 | tcp | iSCSI port iscsi-target |
| 3260 | udp | iSCSI port iscsi-target |
kadmin
Kerberos Administration Protocol
| Port | Protocol | Service Info |
|---|---|---|
| 749 | tcp | Kerberos kadmin' (v5) kerberos-adm ` |
KDE Connect
KDE Connect allows intercommunicating with mobile devices to receive messages and notifications.
| Port | Protocol | Service Info |
|---|---|---|
| 1714-1764 | tcp | sesi-lm sesi-lm |
| 1714-1764 | udp | sesi-lm sesi-lm |
Kerberos
Kerberos network authentication protocol server
| Port | Protocol | Service Info |
|---|---|---|
| 88 | tcp | Kerberos v5 kerberos kerberos5 krb5 |
| 88 | udp | Kerberos v5 kerberos kerberos5 krb5 |
Kibana
Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics that can be combined into custom dashboards that help you share insights from your data far and wide.
| Port | Protocol | Service Info |
|---|---|---|
| 5601 | tcp | Enterprise Security Agent esmagent |
klogin
The kerberized rlogin server accepts BSD-style rlogin sessions, but uses Kerberos 5 authentication.
| Port | Protocol | Service Info |
|---|---|---|
| 543 | tcp | Kerberized rlogin' (v5) klogin ` |
Kpasswd
Kerberos password (Kpasswd) server
| Port | Protocol | Service Info |
|---|---|---|
| 464 | tcp | Kerberos "passwd" kpasswd kpwd |
| 464 | udp | Kerberos "passwd" kpasswd kpwd |
kshell
Kerberized rshell server accepts rshell commands authenticated and encrypted with Kerberos 5
| Port | Protocol | Service Info |
|---|---|---|
| 544 | tcp | Kerberized rsh' (v5) kshell krcmd` |
LDAP
Lightweight Directory Access Protocol (LDAP) server
| Port | Protocol | Service Info |
|---|---|---|
| 389 | tcp | ldap |
LDAPS
Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server
| Port | Protocol | Service Info |
|---|---|---|
| 636 | tcp | LDAP over SSL ldaps |
Virtual Machine Management
Enable this option if you want to allow remote virtual machine management with SASL authentication and encryption (digest-md5 passwords or GSSAPI/Kerberos). The libvirtd service is needed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 16509 | tcp |
Virtual Machine Management (TLS)
Enable this option if you want to allow remote virtual machine management with TLS encryption, x509 certificates and optional SASL authentication. The libvirtd service is needed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 16514 | tcp |
ManageSieve
The ManageSieve Protocol allows a local client to manage eMail sieve scripts on a remote server. If you plan to provide a ManageSieve service (e.g. with dovecot pigeonhole), enable this option.
| Port | Protocol | Service Info |
|---|---|---|
| 4190 | tcp | ManageSieve Protocol sieve |
Multicast DNS (mDNS)
mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.
Destination:
- ipv4:
224.0.0.251 - ipv6:
ff02::fb
| Port | Protocol | Service Info |
|---|---|---|
| 5353 | udp | Multicast DNS mdns |
Mobile shell that supports roaming and intelligent local echo.
Mosh is a remote terminal application that supports intermittent network connectivity, roaming to different IP address without dropping the connection, intelligent local echo and line editing to reduct the effects of "network lag" on high-latency connections.
| Port | Protocol | Service Info |
|---|---|---|
| 60000-61000 | udp |
mountd
NFS Mount Lock Daemon
| Port | Protocol | Service Info |
|---|---|---|
| 20048 | tcp | NFS mount protocol mountd |
| 20048 | udp | NFS mount protocol mountd |
ms-wbt
Microsoft Windows-based Terminal Server
| Port | Protocol | Service Info |
|---|---|---|
| 3389 | tcp | MS WBT Server ms-wbt-server |
mssql
Microsoft SQL Server
| Port | Protocol | Service Info |
|---|---|---|
| 1433 | tcp | Microsoft-SQL-Server ms-sql-s |
MySQL
MySQL Database Server
| Port | Protocol | Service Info |
|---|---|---|
| 3306 | tcp | MySQL mysql |
NFS4
The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 2049 | tcp | Network File System nfs nfsd shilp |
NRPE
NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.
| Port | Protocol | Service Info |
|---|---|---|
| 5666 | tcp |
Network Time Protocol (NTP) Server
The Network Time Protocol (NTP) allows to synchronize computers to a time server. Enable this option, if you are providing a NTP server. You need the ntp or chrony package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 123 | udp | Network Time Protocol ntp |
OpenVPN
OpenVPN is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option.
| Port | Protocol | Service Info |
|---|---|---|
| 1194 | udp | OpenVPN openvpn |
oVirt Image I/O
oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment.
| Port | Protocol | Service Info |
|---|---|---|
| 54322 | tcp |
oVirt Storage-Console
oVirt Storage Console is a web-based storage management platform specially designed to efficiently manage oVirt's storage-defined storage.
| Port | Protocol | Service Info |
|---|---|---|
| 55863 | tcp | |
| 39543 | tcp |
oVirt VM Console
oVirt VM Consoles enables secure access to virtual machine serial console.
| Port | Protocol | Service Info |
|---|---|---|
| 2223 | tcp | Rockwell CSP2 rockwell-csp2 |
Performance metrics collector (pmcd)
This option allows PCP (Performance Co-Pilot) monitoring. If you need to allow remote hosts to connect directly to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 44321 | tcp | PCP server (pmcd) pmcd |
Performance metrics proxy (pmproxy)
This option allows indirect PCP (Performance Co-Pilot) monitoring via a proxy. If you need to allow remote hosts to connect through your machine to monitor aspects of performance of one or more proxied hosts, enable this option. You need the pcp package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 44322 | tcp | PCP server (pmcd) proxy pmcdproxy |
Performance metrics web API (pmwebapi)
This option allows web clients to use PCP (Performance Co-Pilot) monitoring services. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 44323 | tcp | Performance Co-Pilot client HTTP API pmwebapi |
Secure performance metrics web API (pmwebapis)
This option allows web clients to use PCP (Performance Co-Pilot) monitoring services over a secure connection. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, and you consider that information to be sensitive, enable this option. You need the pcp package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 44324 | tcp |
POP-3
The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).
| Port | Protocol | Service Info |
|---|---|---|
| 110 | tcp | POP version 3 pop3 pop-3 |
POP-3 over SSL
The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).
| Port | Protocol | Service Info |
|---|---|---|
| 995 | tcp | POP-3 over SSL pop3s |
PostgreSQL
PostgreSQL Database Server
| Port | Protocol | Service Info |
|---|---|---|
| 5432 | tcp | POSTGRES postgres postgresql |
Privoxy - A Privacy Enhancing Proxy Server
Privoxy is a web proxy for enhancing privacy by filtering web page content, managing cookies, controlling access, removing ads, banners, pop-ups and other obnoxious Internet junk. It does not cache web content. Enable this if you run Privoxy and would like to configure your web browser to browse the Internet via Privoxy.
| Port | Protocol | Service Info |
|---|---|---|
| 8118 | tcp | Privoxy HTTP proxy privoxy |
Proxy DHCP
PXE redirection service (Proxy DHCP) responds to PXE clients and provides redirection to PXE boot servers.
| Port | Protocol | Service Info |
|---|---|---|
| 4011 | udp | PXE server pxe altserviceboot |
Precision Time Protocol (PTP) Master
The Precision Time Protocol (PTP) allows to synchronize computers to a time master. Enable this option, if you are providing a PTP master. You need the linuxptp package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 319 | udp | PTP Event ptp-event |
| 320 | udp | PTP General ptp-general |
PulseAudio
A PulseAudio server provides an ability to stream audio over network. You want to enable this service in case you are using module-native-protocol-tcp in the PulseAudio configuration. If you are using module-zeroconf-publish you want also enable mdns service.
| Port | Protocol | Service Info |
|---|---|---|
| 4713 | tcp | Pulseaudio pulseaudio |
Puppet Master
Puppet is a network tool for managing many disparate systems. Puppet Master is a server which Puppet Agents pull their configurations from.
| Port | Protocol | Service Info |
|---|---|---|
| 8140 | tcp | The Puppet master service puppet |
Quassel IRC
Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core.
| Port | Protocol | Service Info |
|---|---|---|
| 4242 | tcp |
RADIUS
The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option.
| Port | Protocol | Service Info |
|---|---|---|
| 1812 | tcp | Radius radius |
| 1812 | udp | Radius radius |
| 1813 | tcp | Radius Accounting radius-acct radacct |
| 1813 | udp | Radius Accounting radius-acct radacct |
Red Hat Satellite 6
Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.
| Port | Protocol | Service Info |
|---|---|---|
| 80 | tcp | WorldWideWeb HTTP http www www-http |
| 443 | tcp | http protocol over TLS/SSL https |
| 5646-5647 | tcp | Ventureforth Mobile vfmobile |
| 5671 | tcp | amqp protocol over TLS/SSL amqps |
| 8140 | tcp | The Puppet master service puppet |
| 8080 | tcp | WWW caching service webcache http-alt |
| 9090 | tcp | WebSM websm |
rpc-bind
Remote Procedure Call Bind
| Port | Protocol | Service Info |
|---|---|---|
| 111 | tcp | RPC 4.0 portmapper TCP sunrpc portmapper rpcbind |
| 111 | udp | RPC 4.0 portmapper UDP sunrpc portmapper rpcbind |
rsh
Rsh is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling rsh is not recommended.
| Port | Protocol | Service Info |
|---|---|---|
| 514 | tcp | no passwords used shell cmd |
Rsync in daemon mode
Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.
| Port | Protocol | Service Info |
|---|---|---|
| 873 | tcp | rsync rsync |
| 873 | udp | rsync rsync |
Samba
This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.
Required module: nf_conntrack_netbios_ns
| Port | Protocol | Service Info |
|---|---|---|
| 137 | udp | netbios-ns |
| 138 | udp | netbios-dgm |
| 139 | tcp | NETBIOS session service netbios-ssn |
| 445 | tcp | microsoft-ds |
Samba Client
This option allows you to access Windows file and printer sharing networks. You need the samba-client package installed for this option to be useful.
Required module: nf_conntrack_netbios_ns
| Port | Protocol | Service Info |
|---|---|---|
| 137 | udp | netbios-ns |
| 138 | udp | netbios-dgm |
SANE network daemon (saned)
The SANE (Scanner Access Now Easy) daemon allows remote clients to access image acquisition devices available on the local host.
Required module: nf_conntrack_sane
| Port | Protocol | Service Info |
|---|---|---|
| 6566 | tcp | SANE Control Port sane-port |
SIP
The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over Internet Protocol (IP) networks.
Required module: nf_conntrack_sip
| Port | Protocol | Service Info |
|---|---|---|
| 5060 | tcp | SIP sip |
| 5060 | udp | SIP sip |
SIP-TLS (SIPS)
SIP-TLS is a modified SIP (Session Initiation Protocol) using TLS for secure signaling.
| Port | Protocol | Service Info |
|---|---|---|
| 5061 | tcp | SIP-TLS sips |
| 5061 | udp | SIP-TLS sips |
Mail (SMTP)
This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.
| Port | Protocol | Service Info |
|---|---|---|
| 25 | tcp | smtp mail |
Mail (SMTP-Submission)
SMTP-Submission allows remote users to submit mail over port 587.
| Port | Protocol | Service Info |
|---|---|---|
| 587 | tcp | mail message submission submission msa |
Mail (SMTP over SSL)
This option allows incoming SMTPs mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail in a secure way, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.
| Port | Protocol | Service Info |
|---|---|---|
| 465 | tcp | URL Rendesvous Directory for SSM / SMTP over SSL (TLS) urd smtps |
SNMP
Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks". Enable this service if you run SNMP agent (server).
| Port | Protocol | Service Info |
|---|---|---|
| 161 | tcp | Simple Net Mgmt Proto snmp |
| 161 | udp | Simple Net Mgmt Proto snmp |
SNMPTRAP
SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.
| Port | Protocol | Service Info |
|---|---|---|
| 162 | tcp | SNMPTRAP snmptrap |
| 162 | udp | Traps for SNMP snmptrap snmp-trap |
SpiderOak LAN-Sync
SpiderOak is online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server. Enable this option if you use LAN-Sync option of SpiderOak.
| Port | Protocol | Service Info |
|---|---|---|
| 21327 | udp |
squid
Squid HTTP proxy server
| Port | Protocol | Service Info |
|---|---|---|
| 3128 | tcp | squid web proxy squid ndl-aas |
SSH
Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 22 | tcp | The Secure Shell (SSH) Protocol ssh |
Synergy
Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen.
| Port | Protocol | Service Info |
|---|---|---|
| 24800 | tcp |
syslog
Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server.
| Port | Protocol | Service Info |
|---|---|---|
| 514 | udp | syslog |
syslog-tls
Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. Syslog-tls uses TLS encryption to protect the messages during transport.
| Port | Protocol | Service Info |
|---|---|---|
| 6514 | tcp | Syslog over TLS syslog-tls |
| 6514 | udp | Syslog over TLS syslog-tls |
Telnet
Telnet is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling telnet is not recommended. You need the telnet-server package installed for this option to be useful.
| Port | Protocol | Service Info |
|---|---|---|
| 23 | tcp | telnet |
TFTP
The Trivial File Transfer Protocol (TFTP) is a protocol used to transfer files to and from a remote machine in s simple way. It is normally used only for booting diskless workstations and also to transfer data in the Preboot eXecution Environment (PXE).
Required module: nf_conntrack_tftp
| Port | Protocol | Service Info |
|---|---|---|
| 69 | udp | tftp |
TFTP Client
This option allows you to access Trivial File Transfer Protocol (TFTP) servers. You need the tftp package installed for this option to be useful.
Required module: nf_conntrack_tftp
tinc VPN
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.
| Port | Protocol | Service Info |
|---|---|---|
| 655 | tcp | TINC tinc |
| 655 | udp | TINC tinc |
Tor - SOCKS Proxy
Tor enables online anonymity and censorship resistance by directing Internet traffic through a network of relays. It conceals user's location from anyone conducting network surveillance and traffic analysis. A user wishing to use Tor for anonymity can configure a program such as a web browser to direct traffic to a Tor client using its SOCKS proxy port. Enable this if you run Tor and would like to configure your web browser or other programs to channel their traffic through the Tor SOCKS proxy port. It is recommended that you make this service available only for your computer or your internal networks.
| Port | Protocol | Service Info |
|---|---|---|
| 9050 | tcp | Versiera Agent Listener versiera |
Transmission
Transmission is a lightweight BitTorrent client.
| Port | Protocol | Service Info |
|---|---|---|
| 51413 | tcp | |
| 51413 | udp |
oVirt's Virtual Desktop and Server Manager
The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.
| Port | Protocol | Service Info |
|---|---|---|
| 54321 | tcp | |
| 5900-6923 | tcp | Remote Framebuffer rfb |
| 49152-49216 | tcp |
Virtual Network Computing Server (VNC)
A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.
| Port | Protocol | Service Info |
|---|---|---|
| 5900-5903 | tcp | Remote Framebuffer rfb |
wbem-https
Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments
| Port | Protocol | Service Info |
|---|---|---|
| 5989 | tcp | WBEM CIM-XML (HTTPS) wbem-https |
XMPP (Jabber) web client
Extensible Messaging and Presence Protocol (XMPP) web client protocol allows web based chat clients such as JWChat to connect to the XMPP (Jabber) server. This is also known as the Bidirectional-streams Over Synchronous HTTP (BOSH) protocol. Enable this if you run an XMPP (Jabber) server and you wish web clients to connect to your server.
| Port | Protocol | Service Info |
|---|---|---|
| 5280 | tcp | Bidirectional-streams Over Synchronous HTTP (BOSH) xmpp-bosh |
XMPP (Jabber) client
Extensible Messaging and Presence Protocol (XMPP) client connection protocol allows XMPP (Jabber) clients such as Empathy, Pidgin, Kopete and Jitsi to connect to an XMPP (Jabber) server. Enable this if you run an XMPP (Jabber) server and you wish clients to be able to connect to the server and communicate with each other.
| Port | Protocol | Service Info |
|---|---|---|
| 5222 | tcp | XMPP Client Connection xmpp-client |
XMPP Link-Local Messaging
Serverless XMPP-like communication over local networks based on zero-configuration networking.
| Port | Protocol | Service Info |
|---|---|---|
| 5298 | tcp | XMPP Link-Local Messaging presence |
XMPP (Jabber) server
Extensible Messaging and Presence Protocol (XMPP) server connection protocols allows multiple XMPP (Jabber) servers to work in a federated fashion. Users on one server will be able to see the presence of and communicate with users on another servers. Enable this if you run an XMPP (Jabber) server and you wish users on your server to communicate with users on other XMPP servers.
| Port | Protocol | Service Info |
|---|---|---|
| 5269 | tcp | XMPP Server Connection xmpp-server |