1
00:00:00,000 --> 00:00:13,400
To work with firewalls, you need to understand ports. So let's talk about ports. Firewalls

2
00:00:13,400 --> 00:00:19,600
typically are working on IP addresses and ports, where every service has its own port.

3
00:00:19,600 --> 00:00:24,360
And these ports normally are dedicated and well-reserved. There are privileged ports,

4
00:00:24,360 --> 00:00:29,160
which are ports that are claimed by specific services. And the privileged ports go up to

5
00:00:29,160 --> 00:00:36,520
port 1023. These are the ports that you should normally not allocate for your custom services.

6
00:00:36,520 --> 00:00:42,240
And if you do, you need administrator privileges. There's also the dynamic ports. They range

7
00:00:42,240 --> 00:00:49,080
from 1024 all the way up to 65536. And they can be used for dynamic port allocation, which

8
00:00:49,080 --> 00:00:54,599
is done by some processes. And also, you can configure them manually for services that

9
00:00:54,599 --> 00:01:02,040
don't have a privileged port for themselves. A static port definition can be found in

10
00:01:02,040 --> 00:01:06,440
/etc/services. Now, the bottom line is, no matter which port you are planning to use, it's a

11
00:01:06,440 --> 00:01:12,959
good idea to first check in /etc/services if it's not already in use. You have already

12
00:01:12,959 --> 00:01:17,519
learned about the ss command and the netstat command. They can show you ports that are

13
00:01:17,519 --> 00:01:23,000
currently in use, but they are not showing you reserved ports. And if you ever want to

14
00:01:23,000 --> 00:01:28,239
configure something yourself, you need to make sure that the port is still available.

15
00:01:28,239 --> 00:01:37,239
So let me show you what is in this /etc/services file. So let's check it out in /etc/services.

16
00:01:37,239 --> 00:01:43,320
And here we can see that this is a list of ports that has been updated by IANA. That

17
00:01:43,320 --> 00:01:49,120
is the Internet Authority that takes care of port numbers and much more. So you can

18
00:01:49,120 --> 00:01:55,199
even check out the details right here. And there we can see the well-known ports. These

19
00:01:55,199 --> 00:02:00,800
are the privileged ports. The registered port, that's a separate range. And dynamic ports,

20
00:02:00,800 --> 00:02:05,879
well, there's also a specific range for ports that need to be dynamically allocated. So

21
00:02:05,879 --> 00:02:10,839
if you want to be completely compliant, then you should allocate your dynamic port higher

22
00:02:10,839 --> 00:02:17,119
than 49152. Now, let's imagine that you decide that you want to run your web server on port

23
00:02:17,119 --> 00:02:23,800
82. Now, what are you going to do? Well, just check the /etc/services file. And in /etc/services,

24
00:02:23,800 --> 00:02:31,000
you see that there is nothing between port 80 HTTP and port 88 Kerberos. So the bottom

25
00:02:31,000 --> 00:02:36,759
line is, go ahead and use it. But make sure you use administrator privileges because these

26
00:02:36,759 --> 00:02:40,919
are required for having services on registered ports.

