Here is some help with the firewall. The first field is the port number, the second is the protocol, and the third is the service name, followed by what it does.
1 TCP tcpmux The TCP port multiplexer. Not very common. Cannot accept some, reject others
7 UDP, TCP echo An echo server; useful for seeing if a machine is alive. A higher level equivalent of ICMP Echo (ping).
9 UDP, TCP discard The /dev/null of the Internet. Harmless.
11 TCP systat Occasionally (but rarely) connected to netstat, w, or ps. If you do that sort of thing—and you shouldn’t—block this.
13 UDP, TCP daytime The time of day. Harmless.
15 TCP netstat See systat
19 UDP, TCP chargen A character stream generator. Some people like reading that sort of thing, and it won’t upset your system if they do.
20 TCP ftp-data Data channel for FTP. Hard to filter
21 TCP ftp FTP control channel. Allow in only to your FTP server, if any
23 TCP telnet Telnet. Permit only to your login gateway
25 TCP smtp Mail. Allow only to your incoming mail gateways, and make sure those aren’t running sendmail
37 UDP, TCP time The time of day, in machine-readable form. Before blocking it (and there’s no reason to), remember that ICMP can provide the same data.
43 TCP whois Allow in if you run a sanitized whois server; otherwise block
53 UDP, TCP domain Block TCP except from secondary servers. If you want to hide your DNS information, otherwise, allow
67 UDP bootp Block; it gives out too much information.
69 UDP tftp Block
70 TCP gopher Dangerous but useful. Be careful if you allow it
79 TCP finger Allow in only if you run a sanitized finger server, and only to it; block to all other destinations
80 TCP http Also known as WWW. Dangerous but useful. Be careful if you allow it
87 TCP link Rarely used, except by hackers. A lovely port for an alarm.
88 UDP kerberos The official Kerberos port. If you allow people to log in to your site, whether directly or via interrealm authentication, you have to open up this port; otherwise, block it. Do the same for 750, the original Kerberos port. Block 749 and 751, the current and original Kerberos password changing ports. The ports used for Kerberos-protected services are probably safe, though.
95 TCP supdup Rarely used except by hackers. Another lovely port for an alarm.
109 TCP pop-2 Unless folks need to read their mail from outside, block it.
110 TCP pop-3 Ditto.
111 UDP, TCP sunrpc Block, but remember that attackers can scan your port number space anyway
113 TCP auth Generally safe. If you block it, don’t send an ICMP rejection
119 TCP nntp If you allow it in, use source and destination address filters
123 UDP ntp Safe if you use NTP’s own access controls
144 TCP NeWS A window system. Block as you would X11.
161 UDP snmp Block.
162 UDP snmp-trap Block, unless you monitor routers outside of your net.
177 UDP xdmcp For X11 logins. Block, of course.
512 TCP exec Block. It could be useful with a variant rcp; as is, the only thing that has ever used it is the Internet worm. Besides, it doesn’t do any logging.
513 TCP login Shudder. Block
514 TCP shell Double shudder. It doesn’t do any logging, either. Block
515 TCP printer There have been reports of problems, and there’s rarely a good reason for outsiders to use your printers. Block.
512 UDP biff Block; it’s a buggy, dangerous service.
513 UDP who You shouldn’t get anything legitimate on this port; block it.
514 UDP syslog Apart from security holes (and there are some), if this is open, your logs can be attacked. Block
517 UDP talk Block; the actual protocol involves a conversation between random TCP ports.
518 UDP ntalk Ditto.
520 UDP route Block; don’t allow outsiders to play games with your routing tables
540 TCP uucp Historically a dangerous service, and mostly obsolete on the Internet. Block.
1025 TCP listener The usual port for the System V Release 3 listener. An amazingly bad choice; if you have such machines, either change the listener port (it’s a local option), or be sure to block incoming calls only to this port; you’re sure to have outgoing calls using it.
2000 TCP openwin Like X11. Block.
2049 UDP nfs Block, and don’t think twice.
2766 TCP listen The System V listener. Like tcpmux, but with more services. Block.
6000–6xxx TCP x11 Block the entire range of X11 ports
6667 TCP IRC Block. Internet Relay Chat may or may not be a security risk per se (although there are a few dangerous options in IRC clients), but some channels, at least, attract the sort of network people who send out ICMP Destination Unreachable messages.