etc/default.services.conf

# Known services as macros.
#
# Macro name should match service name in /etc/services file, macro
# definitation should be minimal set of ports to open. Minimal means that
# client and server should have separate macros, web-administration should
# have it's own macro, etc.

macro {
  activedirectory domain; kerberos; ntp; kpasswd; ldap; ldaps; udp 389; tcp 135 3268 3269 49152-65535
  adb             tcp 5555
  afp             tcp 548  # afpovertcp
  airport         udp 192  # osu-nms
  amqp            tcp 5672
  android         tcp 5228-5230 4070 4460; udp 5228-5230 2002; https
  apple           tcp 2197 5223; https
  cockpit         tcp 9090
  dhcp-client     udp 68 ipv4; broadcast udp 68  # bootpc, from server to client
  dhcp-server     udp 67 ipv4; broadcast udp 67  # bootps, from client to server
  dhcpv6-client   udp sport 547 dport 546 daddr fe80::/10
  dhcpv6-server   multicast udp sport 546 dport 547 daddr ff02::1:2
  discord         udp 50000-65535; https
  domain          tcp 53; udp 53
  domain-quic     udp 853
  domain-s        domain-quic; domain-tls
  domain-tls      tcp 853
  facetime        udp 3478-3497 16384-16387 16393-16402; apple
  finger          tcp 79
  fooham          tcp 9997; udp 9997
  freeipa         domain; http; https; kerberos; kpasswd; ldap; ldaps
  ftp             tcp 21 helper ftp-21
  ftps            tcp 990
  galera          tcp 4444 4567-4568
  git             tcp 9418
  gluster-client  tcp 24007 49152-60999
  gluster-management  tcp 24008
  googlemeet      udp 3478 19302-19309; https
  gotomeeting     tcp 3478; udp 3478; https
  hkp             tcp 11371
  http            tcp 80
  http-alt        tcp 8000 8008 8080 8443
  http2           tcp 443
  https           tcp 443; udp 443
  imap            tcp 143
  imaps           tcp 993
  ipp             tcp 631
  ipsec           udp 500 4500; protocol "esp"
  ipsec-nat       udp sport 4500; ipsec
  irc             tcp 6667 helper irc-6667
  ircs-u          tcp 6697
  jetdirect       tcp 9100
  kerberos        tcp 88; udp 88
  kpasswd         tcp 464; udp 464
  ldap            tcp 389
  ldaps           tcp 636
  lsdp            broadcast udp 11430
  mdns            multicast udp 5353 daddr 224.0.0.251 ff02::fb; multicast protocol "igmp" daddr 224.0.0.251; udp sport 5353
  meetecho        tcp 1935 8000 8181; https
  microsoftteams  udp 3478-3481; https
  minecraft       tcp 25565
  mongodb         tcp 27017
  mqtt            tcp 1883
  ms-sql-m        udp 1434
  ms-sql-s        tcp 1433
  mysql           tcp 3306
  nbd             tcp 10809
  nfs             tcp 2049
  nfsv3           tcp 2049 111 20048
  ntp             udp 123
  ospf            multicast protocol "ospf" daddr 224.0.0.5 224.0.0.6 ff02::5 ff02::6 fe80::/10; multicast protocol "igmp" daddr 224.0.0.5 224.0.0.6
  ping            icmp echo-request; icmpv6 echo-request
  pop3s           tcp 995
  postgresql      tcp 5432
  pxe             udp 4011
  razor           tcp 2703
  redis           tcp 6379
  redis-sentinel  tcp 26379
  rdp             tcp 3389
  rfb             vnc
  rsync           tcp 873
  rtsps           tcp 322
  secure-mqtt     tcp 8883
  sieve           tcp 4190
  sip             udp 5060 helper sip-5060
  smb             tcp 139 445  # cifs
  smtp            tcp 25
  snmp            udp 161 helper snmp-161
  snmptrap        udp 162
  ssdp            multicast udp 1900 daddr 239.255.255.250 ff02::c; multicast protocol "igmp" daddr 239.255.255.250; udp sport 1900
  ssh             tcp 22
  submission      tcp 587
  submissions     tcp 465
  svn             tcp 3690
  syslog          tcp 514; udp 514
  syslog-tls      tcp 6514; udp 6514
  telnet          tcp 23
  telnets         tcp 992
  tftp            udp 69 helper tftp-69
  traceroute      udp 33434-33524
  vnc             tcp 5900
  vrrp-multicast  multicast protocol "vrrp" daddr 224.0.0.18 ff02::12; multicast protocol "igmp" daddr 224.0.0.18
  whois           tcp 43 4321
  wireguard       udp 51820
  ws-discovery    multicast udp 3702 daddr 239.255.255.250 ff02::c; multicast protocol "igmp" daddr 239.255.255.250; udp sport 3702; tcp 5357
  xmpp-client     tcp 5222
  zabbix-agent    tcp 10050
  zabbix-trapper  tcp 10051
  zoom            tcp 8801-8802; udp 3478-3479 8801-8810; https
}