What ports should be open by default?



  • Hi,

    I understand some stuff and not, so this might look like a newbie question!

    I always have been using consumer router that includes their little firewall. What ports are open by default on these? Should it only be 80 and 443? How is my mail coming in and going out through Thunderbird? Are the ports for SMTP/IMAP/PORT enabled also? or do they open and close after the reception or sent? How about gaming online? Does the router opens the port again by itself? Do they stay open and is that unsecure?

    Now, how about a vanilla pfSense install? Will it be a different setup?

    Thanks for your help!


  • LAYER 8 Global Moderator

    In a vanilla install out of the box.. Pfsense would block all unsolicited inbound bound traffic to its wan.  It would only allow answers to what clients from the lan had requested.  The default rules on lan are ANY ANY.. Clients on lan can pretty much do anything outbound.

    This would explain why yes you could access any protocol smtp/imap/http/https/etc..

    As to games - out of the box no pfsense would not automatically open any inbound ports via UPnP - unless you enable that.



  • Thanks!!

    @johnpoz:

    In a vanilla install out of the box.. Pfsense would block all unsolicited inbound bound traffic to its wan.  It would only allow answers to what clients from the lan had requested.  The default rules on lan are ANY ANY.. Clients on lan can pretty much do anything outbound.

    I suppose this is how a consumer router such as a dlink Linksys or Apple works?

    I've seen post that recommends to disable UPnP. I will then need to open port by port or range depending on the game?


  • LAYER 8 Global Moderator

    Many of soho routers - atleast in the past had UPnP enabled out of the box.. Not really a fan of such a tool - but it may come in handy for some.  Yes a better option would be to actually forward the ports you need vs letting software do whatever it wants without asking permission, etc.



  • Thanks so much for the clarification!


Log in to reply