1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
# Known services as macros.
#
# Macro name should match service name in /etc/services file, macro
# definitation should be minimal set of ports to open. Minimal means that
# client and server should have separate macros, web-administration should
# have it's own macro, etc.
#
# Warning: Do not edit this file as Foomuuri update will overwrite it.
macro {
activedirectory domain; kerberos; ntp; kpasswd; ldap; ldaps; udp 389; tcp 135 3268 3269 49152-65535
adb tcp 5555
afp tcp 548 # afpovertcp
airport udp 192 # osu-nms
alertmanager tcp 9093
amqp tcp 5672
android tcp 5228-5230 4070 4460; udp 5228-5230 2002; https
apple tcp 2197 5223; https
bgp tcp 179
cockpit tcp 9090
dhcp-client udp 68 ipv4; broadcast udp 68 # bootpc, from server to client
dhcp-server udp 67 ipv4; broadcast udp 67 # bootps, from client to server
dhcpv6-client udp sport 547 dport 546 daddr fe80::/10
dhcpv6-server multicast udp sport 546 dport 547 daddr ff02::1:2
discord udp 50000-65535; https
domain tcp 53; udp 53
domain-quic udp 853
domain-s domain-quic; domain-tls
domain-tls tcp 853
facetime udp 3478-3497 16384-16387 16393-16402; apple
finger tcp 79
fooham tcp 9997; udp 9997
freeipa domain; http; https; kerberos; kpasswd; ldap; ldaps
ftp tcp 21 helper ftp-21
ftps tcp 990
galera tcp 4444 4567-4568
git tcp 9418
gluster tcp 24007 49152-60999
gluster-client gluster warning "macro gluster-client is obsoleted, use gluster instead"
gluster-management tcp 24008
googlemeet udp 3478 19302-19309; https
gotomeeting tcp 3478; udp 3478; https
hkp tcp 11371
http tcp 80
http-alt tcp 8000 8008 8080 8443
http2 tcp 443
https tcp 443; udp 443
imap tcp 143
imaps tcp 993
ipp tcp 631
ipsec udp 500 4500; protocol "esp"
ipsec-nat udp sport 4500; ipsec
irc tcp 6667 helper irc-6667
ircs-u tcp 6697
jetdirect tcp 9100
kerberos tcp 88; udp 88
kpasswd tcp 464; udp 464
ldap tcp 389
ldaps tcp 636
lsdp broadcast udp 11430
mdns multicast udp 5353 daddr 224.0.0.251 ff02::fb; multicast protocol "igmp" daddr 224.0.0.251; udp sport 5353
meetecho tcp 1935 8000 8181; https
microsoftteams udp 3478-3481; https
minecraft tcp 25565
mongodb tcp 27017
mqtt tcp 1883
ms-sql-m udp 1434
ms-sql-s tcp 1433
mysql tcp 3306
nbd tcp 10809
nfs tcp 2049
nfsv3 tcp 2049 111 20048
ntp udp 123
ntske tcp 4460
ospf multicast protocol "ospf" daddr 224.0.0.5 224.0.0.6 ff02::5 ff02::6; multicast protocol "igmp" daddr 224.0.0.5 224.0.0.6; protocol "ospf"
ping icmp echo-request; icmpv6 echo-request
pop3s tcp 995
postgresql tcp 5432
prometheus tcp 9090
prometheus-blackbox tcp 9115
prometheus-chrony tcp 9123
prometheus-foobar tcp 11042
prometheus-foomuuri tcp 11041
prometheus-gluster tcp 9713
prometheus-hcloud tcp 9501
prometheus-ipmi tcp 9290
prometheus-keepalived tcp 9165
prometheus-knot tcp 9433
prometheus-mysqld tcp 9104
prometheus-node tcp 9100
prometheus-nut tcp 9199
prometheus-php-fpm tcp 9253
prometheus-postfix tcp 9907
prometheus-postgresql tcp 9187
prometheus-redis tcp 9121
prometheus-smartctl tcp 9633
prometheus-ssl tcp 9219
prometheus-systemd tcp 9558
prometheus-unbound tcp 9167
prometheus-windows tcp 9182
pxe udp 4011
razor tcp 2703
rdp tcp 3389
redis tcp 6379
redis-sentinel tcp 26379
rfb vnc
rsync tcp 873
rtsps tcp 322
salt tcp 4505 4506
secure-mqtt tcp 8883
sieve tcp 4190
sip udp 5060 helper sip-5060
sips tcp 5061
smb tcp 139 445 # cifs
smtp tcp 25
snmp udp 161 helper snmp-161
snmptrap udp 162
ssdp multicast udp 1900 daddr 239.255.255.250 ff02::c; multicast protocol "igmp" daddr 239.255.255.250; udp sport 1900
ssh tcp 22
submission tcp 587
submissions tcp 465
svn tcp 3690
syslog tcp 514; udp 514
syslog-tls tcp 6514; udp 6514
telnet tcp 23
telnets tcp 992
tftp udp 69 helper tftp-69
tor tcp 9001
tor-browser-bundle tcp 9150
tor-control tcp 9051
tor-directory tcp 9030
tor-socks tcp 9050
traceroute udp 33434-33524
vnc tcp 5900
vrrp-multicast multicast protocol "vrrp" daddr 224.0.0.18 ff02::12; multicast protocol "igmp" daddr 224.0.0.18
whois tcp 43 4321
wireguard udp 51820
ws-discovery multicast udp 3702 daddr 239.255.255.250 ff02::c; multicast protocol "igmp" daddr 239.255.255.250; udp sport 3702; tcp 5357
xmpp-client tcp 5222
zabbix-agent tcp 10050
zabbix-trapper tcp 10051
zoom tcp 8801-8802; udp 3478-3479 8801-8810; https
}
|
