Uncomplicated Firewall configuration

The “Firewall Configuration” is a GUI app (gufw) used for the configuration of the “Uncomplicated Firewall”, aka UFW. This makes it a simple task for novice users to configure their firewall. This GUI app (gufw) is installed by default in MX Linux Xfce and MX Linux Fluxbox only.

KDE users should search in the MX Package Installer for the package named ‘gufw’. Install this GUI app to get the ‘Firewall Configuration’ app referenced in this section.

Starting in MX Linux 23, the Firewall is enabled and set to ignore all Incoming connections. This may prevent the discovery of printers and some popular applications from working correctly. Programs may wait a long time to connect and never do so, or give an error message. Some of these error messages are not very clear.

Adding a ‘Simple’ firewall exception rule (example – Samba)

Samba uses just port 445 with the TCP protocol for the latest versions of Windows. To configure a ‘Simple’ exception rule for Samba:

  • Run the ‘Firewall Configuration’ app.
  • Click the ‘Rules’ button and then +.
  • Click the ‘Simple’ tab.
  • In Name: type ‘Samba 445’.
  • In Protocol: click the down arrow and select ‘TCP’.
  • In Port: type ‘445’.
  • Click the ‘Add’ button and then ‘Close’.

Samba Note: Many other guides show more ports being opened for older versions of Samba. Opening these additional port ranges can result in malware infection.
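A way to check an existing rule set for the extra legacy ports the Samba note refers to (135, 137, 138 and 139, as listed for pre-2012 Samba devices in the port table on this page). This is an added example, not part of the original page; the function names `flag_legacy_smb` and `sample_ufw_status` are hypothetical and the sample `ufw status` output is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Flags ALLOW rules in
# `ufw status` output that open the legacy SMB1/NetBIOS ports 135, 137, 138
# or 139 instead of only 445/tcp. Application-profile names are not expanded.
# On a live system (needs root):  sudo ufw status | flag_legacy_smb

flag_legacy_smb() {
    awk '
    BEGIN { n = split("135 137 138 139", legacy, " ") }
    # Rule lines start with a port spec: 445/tcp, 137,138/udp, 135:139/tcp
    $1 ~ /^[0-9][0-9,:]*(\/(tcp|udp))?$/ {
        v6  = ($2 == "(v6)")            # IPv6 rows carry an extra "(v6)" field
        act = v6 ? $3 : $2
        if (act !~ /^ALLOW/) next       # only rules that let traffic in
        spec = $1
        sub(/\/.*/, "", spec)           # drop the /tcp or /udp suffix
        m = split(spec, parts, ",")     # comma list of ports or lo:hi ranges
        hit = 0
        for (i = 1; i <= m; i++) {
            lo = hi = parts[i]
            if (split(parts[i], r, ":") == 2) { lo = r[1]; hi = r[2] }
            for (j = 1; j <= n; j++)
                if (legacy[j] + 0 >= lo + 0 && legacy[j] + 0 <= hi + 0) hit = 1
        }
        suffix = v6 ? " (v6)" : ""
        if (hit) print $1 suffix
    }'
}

# Constructed sample of `ufw status` output (not captured from a real host).
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
445/tcp                    ALLOW       Anywhere                   # Samba 445
137,138/udp                ALLOW       Anywhere
135:139/tcp                ALLOW       192.168.1.0/24
5353/udp                   ALLOW       Anywhere
139/tcp                    DENY        Anywhere
137,138/udp (v6)           ALLOW       Anywhere (v6)
EOF
}

sample_ufw_status | flag_legacy_smb
```

Any rule it prints can be reviewed in the ‘Rules’ list of the Firewall Configuration app and removed if no pre-2012 device on the network needs it.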

Adding a ‘Preconfigured’ firewall exception rule (example – DNS)

  • Run the ‘Firewall Configuration’ app.
  • Click the ‘Rules’ button and then +.
  • Click the ‘Preconfigured’ tab.
  • Click the down arrow in ‘Application:’ and scroll to the ‘Preconfigured’ name to select it.
  • Click the ‘Add’ button and then ‘Close’.

 

Common Firewall Port usage

* Avahi 5353 UDP a mDNS (aka Bonjour) provider – use Preconfigured rule: ‘PLEX Avahi discovery’.
Chrome Remote Desktop TCP port 443 and TCP/UDP 3478
Chrony UDP 123 UDP 323
CIFS (Common Internet File System) TCP ports 139 and 445.
* CUPS IPP/PPS printing 631 TCP More – https://www.cups.org/doc/firewalls.html
AppSocket/JetDirect printing 9100-9102 TCP
* DHCP UDP port 67 on the server side.
UDP port 68 on the client side. Preconfigured rule adds port 67 only.
* DNS 53 TCP & UDP
* Dropbox TCP 90, 443, 17600 & 17601 (3rd party file apps). TCP 17500 LAN Sync feature.
Dukto 4644
* FTP 20 & 21
Hplip 5353 UDP
* Internet Printing Protocol aka IPP uses TCP with port 631. (Use ‘CUPS’ pre-configured rule).
* KDE Connect – port range 1714-1764 for UDP and TCP
LocalSend 53317 TCP & UDP
* IRC 6697 (IRC SSL)
* mDNS 5353 UDP DNS Lookup. Preconfigured rule: ‘Multicast DNS’
* Minecraft 25565
* NFS 111 & 2049 TCP & UDP (Web NFS)
* NTP/SNTP/Chrony UDP 123 Chrony adds UDP 323
OpenVPN 1194 TCP & UDP
PC Anywhere 5631
Printing & SMB Printer sharing – see CUPS above.
Plex Media Server TCP: 32400
Remote Desktop 3389 TCP & UDP – enables acceleration. (RDP > 8.0)
* Samba (pre-2012 devices – SMB1/NT1) UDP ports 137 & 138; TCP ports 135, 137, 139 & 445.
Samba modern: SMB version 2 & SMB version 3 implementations TCP port 445
* SANE 6566, 54921 Preconfigured rule: ‘SANE Scanner’
Scrcpy 5555 TCP
SMB Printing see CUPS above.
Spotify uses port 4070 TCP by default. If it is unable to connect on that port, it will roll to port 443, then port 80
* SSH 22
Syncthing 22000 TCP & UDP – host-to-host 9806 8384
* Teamviewer TCP/UDP 5938, TCP 443, TCP 80
* Transmission 51413.
UPnP (Universal Plug and Play) 1900 UDP; also 80, 5431 & 49152
* VNC 5500/5900/5901 both.
Warpinator 42000 and 42001; Flatpak adds 5353 UDP
WINS 137 UDP
Wormhole/Magic Wormhole connection to ‘Mailbox’ aka Rendezvous Server 4000 & 4001
WSDD port 5357 TCP and port 3702 UDP – Add as two ‘Simple’ type rules.

* = Use the “Preconfigured” application rule for these.

† = Enabling the above additional port ranges *MAY* result in data loss, ransomware, malware (such as WannaCry), and/or privacy issues. TCP on ports 136 and 138 is no longer implemented.

‡ = The printer connection, if connected to via Samba (default for a shared printer) *may* require opening port 445 on TCP on PCs not hosting the printer connection.

More ports https://www.linuxtrainingacademy.com/ports/

Please direct ALL support requests to the MX Linux Forum — https://forum.mxlinux.org

Created by FullScale4Me: June, 2023 Updated: October 3, 2025
