What UDP Ports Do I Need To Keep Open

[kozmonot28]

In the light of recent events, I'm looking to tighten down my network as much as possible. I'm starting with my perimeter 2600 Router, then working to the PIX. I'm working on just inbound traffic.

I've started by building TCP permits to the static NAT addresses only for the ports that those machines need. So I feel that I've got that tightened enough. Now I'm moving on to the UDP ports.

What UDP ports must I keep open? I have an internal DNS server that uses external forwarders.

If you need to know anything else before you can give a suggestion, please let me know.

 

[ChrisAC]

You only open up ports inbound for services that you are hosting. For example, if your DNS server is authorative for your domain then you would need to allow other DNS servers to query it so you would open up UDP 53. However, if it just uses a forwarder and isn't authorative for any domains then you wouldn't open any ports.

As a rule, close all ports and then just open ports for services that are required, like SMTP to your mail server, HTTP/HTTPS to your web server etc. If you don't host any services, don't open any ports.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************