Cheatsheet: Port List ¶
The following list of ports can be referenced when setting up CSF firewall with your other applications:
Port | TCP | UDP | Description |
---|---|---|---|
20 |
✅ | ✅ | FTP Data (mostly TCP, rarely UDP) |
21 |
✅ | ✅ | FTP Control (mostly TCP, rarely UDP) |
22 |
✅ | SSH 1 / SCP / SFTP | |
23 |
✅ | Telnet | |
25 |
✅ | SMTP (non-secure email sending) | |
26 |
✅ | SMTP (non-secure email sending, alternate when 25 blocked) | |
37 |
✅ | ✅ | Machine-readable time protocol (rdate) |
43 |
✅ | Whois | |
53 |
✅ | ✅ | DNS (Pihole, AdGuard) |
67 |
✅ | DHCP Server | |
68 |
✅ | DHCP Client | |
69 |
✅ | TFTP (Trivial File Transfer Protocol) | |
70 |
✅ | Gopher | |
71 |
✅ | Genius protocol | |
80 |
✅ | ✅ | HTTP (web traffic) |
88 |
✅ | ✅ | Kerberos authentication |
110 |
✅ | POP3 (non-secure email retrieval) | |
113 |
✅ | ✅ | Identification Protocol (Ident) (RFC 1413) |
123 |
✅ | NTP (Network Time Protocol) / Pihole | |
137 |
✅ | NetBIOS Name Service (Samba name resolution) | |
138 |
✅ | NetBIOS Datagram Service (Samba broadcasts) | |
139 |
✅ | NetBIOS Session Service (Samba file/printer sharing) | |
143 |
✅ | IMAP (non-secure email retrieval) | |
443 |
✅ | ✅ | HTTPS / QUIC / DoH (DNS over HTTPS, HTTP/3) |
445 |
✅ | ✅ | Microsoft-DS / SMB over TCP/IP (Samba) |
458 |
Apple QuickTime / Real-Time Streaming Protocol (RTSP) | ||
465 |
✅ | SMTPS (secure SMTP) | |
546 |
✅ | DHCPv6 Client | |
547 |
✅ | DHCPv6 Server (Pihole, etc) | |
565 |
✅ | ✅ | Whoami |
566 |
✅ | ✅ | Streettalk |
587 |
✅ | SMTP submission | |
574 |
✅ | ✅ | FTP Software Agent System |
596 |
✅ | ✅ | SysMan Station daemon |
783 |
✅ | Spamassassin Razor Agent | |
853 |
✅ | ✅ | DNS over TLS (DoT) |
873 |
✅ | Rsync file transfer | |
953 |
✅ | Unbound Remote control / statistics (RPC for unbound-control) | |
993 |
✅ | IMAPS (secure IMAP) | |
995 |
✅ | POP3S (secure POP3) | |
1025 |
✅ | Microsoft Remote Procedure Call | |
1194 |
✅ | ✅ | OpenVPN |
1241 |
✅ | ✅ | Nessus security scanner |
1311 |
✅ | Dell OpenManage server administrator web GUI (EMC) | |
1337 |
✅ | WASTE peer-to-peer encrypted file-sharing Program | |
1589 |
✅ | ✅ | Cisco VLAN Query Protocol (VQP) |
1701 |
✅ | Layer Two Tunneling Protocol Virtual Private Networking | |
1723 |
✅ | ✅ | Microsoft PPTP |
1725 |
✅ | Steam Client | |
1863 |
✅ | MSN Live Messenger, Xbox Live 360 | |
1900 |
✅ | Universal Plug and Play (UPnP) | |
2049 |
✅ | ✅ | Network File Sharing (NFS) |
2077 |
✅ | cPanel Web Disk (HTTPS) / WebDAV | |
2078 |
✅ | Web Disk (HTTP) / WebDAV | |
2079 |
✅ | Web Disk (HTTPS) / CalDAV | |
2080 |
✅ | Web Disk (HTTP) | |
2082 |
✅ | cPanel (HTTP) / CWP User Panel (HTTP) | |
2083 |
✅ | cPanel (HTTPS) / CWP User Panel (HTTPS) | |
2086 |
✅ | WHM (HTTP) / CWP Admin (HTTP) | |
2087 |
✅ | WHM (HTTPS) / CWP Admin (HTTPS) / Event Logging Integration (ELI) | |
2095 |
✅ | Webmail (HTTP) | |
2096 |
✅ | Webmail (HTTPS) | |
2089 |
✅ | cPanel Licensing | |
2091 |
✅ | ActiveSync | |
2222 |
✅ | DirectAdmin control panel | |
2304 |
✅ | CWP External API SSL (HTTPS for API access) | |
2703 |
✅ | Local Spamassassin / CSF+LFD | |
3000 |
✅ | Gogs 🔹 Gitea 🔹 Grafana 🔹 Jellyfin Stats 🔹 Linkwarden 🔹 Obsidian LiveSync 🔹 Slink / Zipline | |
3001 |
✅ | Uptime Kuma / Obsidian | |
3306 |
✅ | MySQL / MariaDB | |
3389 |
✅ | Remote Desktop Protocol (RDP) | |
3875 |
✅ | Duplicacy | |
5001 |
✅ | Dockge | |
5224 |
✅ | Plesk license check | |
5432 |
✅ | Postgres | |
5601 |
✅ | Kibana web interface 🔹 visualization/dashboard for Elastic Search (HTTP) | |
5938 |
✅ | Teamviewer | |
5984 |
✅ | CouchDB Clustered Mode | |
6077 |
✅ | Cabernet | |
6157 |
✅ | Opengist | |
6277 |
✅ | ✅ | CSF / LFD internal service |
6379 |
✅ | Redis | |
6568 |
✅ | ✅ | AnyDesk streaming (peer-to-peer connections) |
6881 |
✅ | ✅ | qBittorrent |
6666 |
✅ | CSF / LFD web interface | |
7080 |
✅ | LiteSpeed WebAdmin Console | |
8083 |
✅ | VestaCP control panel | |
8096 |
✅ | Jellyfin | |
8200 |
✅ | Hashicorp Vault 🔹 Duplicati control panel | |
8384 |
✅ | Syncthing | |
8443 |
✅ | Plesk administrative interface (HTTPS) | |
8840 |
✅ | ✅ | WatchYourLan |
8880 |
✅ | Plesk administrative interface (HTTP) / Vuetorrent | |
8853 |
✅ | ✅ | WatchYourPorts |
9000 |
✅ | Portainer (HTTP) | |
9001 |
✅ | Portainer agent | |
9090 |
✅ | Prometheus | |
9100 |
✅ | Prometheus Node Exporter | |
9200 |
✅ | Elastic Search REST API | |
9300 |
✅ | Elastic Search internal cluster communication | |
9443 |
✅ | Portainer (HTTPS) | |
9600 |
✅ | Elastic Search monitoring API (used by X-Pack/Elastic Search stack monitoring) | |
9999 |
✅ | Stash | |
10000 |
✅ | Webmin control panel | |
11211 |
✅ | ✅ | Memcached |
22067 |
✅ | Syncthing Relay Server | |
22070 |
✅ | Syncthing Relay Server | |
22000 |
✅ | Syncthing Relay Server | |
27017 |
✅ | MongoDB | |
24441 |
✅ | ✅ | CSF / LFD internal services / Spamassassin Pyzor |
32400 |
✅ | Plesk | |
34400 |
✅ | Threadfin | |
50001 |
✅ | AnyDesk Discovery - Identify devices on the local network | |
50002 |
✅ | AnyDesk Discovery - Identify devices on the local network | |
50003 |
✅ | AnyDesk Discovery - Identify devices on the local network |
-
Some sources list UDP for port 22, but officially SSH only uses TCP. UDP is not standard for this service. ↩