Firewalls and allowed ports

A firewall should allow only what you use.

Common ports:

  • 22 (SSH), 3389 (RDP)

  • 80/443 (web)

  • 25/587/465 (mail sending, if applicable)

  • 53 (DNS, if you host DNS)

Practices:

  • Start strict, then open only required ports

  • Log dropped traffic to spot scanning attempts

  • Use fail2ban or equivalent where appropriate
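
One way to act on the dropped-traffic log, as an added example that is not part of the original page: it reads netfilter-style LOG lines and separates sources that were dropped on many different ports (a sweep) from sources retrying one closed port. The `FW-DROP: ` prefix, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the netfilter LOG line format. The "FW-DROP: " prefix is
# an assumed log prefix; the addresses come from documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:14:01 host kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21
Jan 10 03:14:01 host kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23
Jan 10 03:14:02 host kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=445
Jan 10 03:14:02 host kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=3306
Jan 10 03:14:03 host kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=8080
Jan 10 03:20:10 host kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=3389
Jan 10 03:20:11 host kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=3389
Jan 10 03:20:12 host kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=3389
Jan 10 03:25:00 host kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Jan 10 03:26:00 host sshd[811]: Accepted publickey for admin from 192.0.2.50 port 50222
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of a LOG line

def parse_drops(text, prefix="FW-DROP: "):
    """Yield (src, proto, dport) per logged drop; skip lines with no port (e.g. ICMP)."""
    for line in text.splitlines():
        _, found, rest = line.partition(prefix)
        if not found:
            continue  # not a firewall drop line
        f = dict(FIELD_RE.findall(rest))
        if "SRC" in f and f.get("DPT", "").isdigit():
            yield f["SRC"], f.get("PROTO", "?"), int(f["DPT"])

def find_scanners(text, min_ports=4):
    """Sources dropped on at least min_ports distinct ports: likely port sweeps."""
    seen = defaultdict(set)
    for src, proto, dport in parse_drops(text):
        seen[src].add((proto, dport))
    return {s: sorted(p) for s, p in seen.items() if len(p) >= min_ports}

def repeat_hitters(text, min_hits=3):
    """(src, proto, dport) dropped at least min_hits times: one closed port retried."""
    hits = Counter(parse_drops(text))
    return {k: n for k, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"sweep   {src}: {len(ports)} distinct ports {ports}")
    for (src, proto, dport), n in repeat_hitters(SAMPLE_LOG).items():
        print(f"repeat  {src}: {n} drops on {proto}/{dport}")
```

Sources in the second group are the ones a tool such as fail2ban would typically be configured to ban; the first group mostly confirms that the default-drop policy is doing its job.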