Closed alexlii1971 closed 3 weeks ago
Hi, Hiddify uses a reverse proxy in most inbound configs, so your SSH port, 80 and 443 are enough for you. But if you want to use some custom inbound like Hysteria, it will be set up on a random port that you have to check after setting up the config. For better insight, you can install the net-tools package and use this command to check which ports are used by Hiddify:
$ sudo netstat -tupln
Ports with a local address of 127.0.0.1 are not exposed.
root@Hiddify:~# sudo netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2024 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2031 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2021 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2022 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2023 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2032 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2033 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2034 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:501 0.0.0.0:* LISTEN 48928/nginx: master
tcp 0 0 127.0.0.1:8181 0.0.0.0:* LISTEN 48912/haproxy
tcp 0 0 127.0.0.1:502 0.0.0.0:* LISTEN 48928/nginx: master
tcp 0 0 127.0.0.1:2039 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2011 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2012 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2013 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 48912/haproxy
tcp 0 0 127.0.0.1:2014 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:2000 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:438 0.0.0.0:* LISTEN 48928/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 45947/sshd: /usr/sb
tcp 0 0 127.0.0.1:10085 0.0.0.0:* LISTEN 48950/xray
tcp 0 0 127.0.0.1:10086 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 49034/python
tcp 0 0 127.0.0.1:6450 0.0.0.0:* LISTEN 49079/HiddifyCli
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 560/systemd-resolve
tcp 0 0 127.0.0.1:2334 0.0.0.0:* LISTEN 49079/HiddifyCli
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 49001/mariadbd
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 48883/redis-server
tcp 0 0 127.0.0.1:12995 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN 48950/xray
tcp 0 0 127.0.0.1:6756 0.0.0.0:* LISTEN 49079/HiddifyCli
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 48912/haproxy
tcp6 0 0 :::80 :::* LISTEN 48912/haproxy
tcp6 0 0 :::26716 :::* LISTEN 48895/ssh-liberty-b
tcp6 0 0 :::22 :::* LISTEN 45947/sshd: /usr/sb
tcp6 0 0 :::443 :::* LISTEN 48912/haproxy
udp 0 0 0.0.0.0:443 0.0.0.0:* 48912/haproxy
udp 0 0 0.0.0.0:44508 0.0.0.0:* -
udp 0 0 127.0.0.53:53 0.0.0.0:* 560/systemd-resolve
udp 0 0 127.0.0.1:1234 0.0.0.0:* 48950/xray
udp 0 0 127.0.0.1:6450 0.0.0.0:* 49079/HiddifyCli
udp6 0 0 :::57243 :::* 48936/sing-box
udp6 0 0 :::443 :::* 48912/haproxy
udp6 0 0 :::44508 :::* -
udp6 0 0 :::60919 :::* 49079/HiddifyCli
udp6 0 0 :::61490 :::* 48950/xray
udp6 0 0 :::26689 :::* 49079/HiddifyCli
udp6 0 0 :::42056 :::* 48936/sing-box
udp6 0 0 :::43730 :::* 49079/HiddifyCli
So, do I need to set rules for ports like the following ones:
sudo ufw allow 57243/udp
sudo ufw allow 60919/udp
sudo ufw allow 61490/udp
sudo ufw allow 26689/udp
sudo ufw allow 42056/udp
sudo ufw allow 43730/udp
Or should I only allow TCP for the following ports?
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 26716/tcp
Looking forward to your clarification.
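As an added example (not part of the thread and not Hiddify's own code): a shell filter that applies the rule stated above, that sockets bound to 127.0.0.1 are not exposed, to `netstat -tupln` output and lists only the non-loopback listeners a firewall policy has to account for. The sample input is constructed in the thread's format (the `::1` row is made up) and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample in the format of the netstat output shown in the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2024 0.0.0.0:* LISTEN 48936/sing-box
tcp 0 0 127.0.0.1:501 0.0.0.0:* LISTEN 48928/nginx: master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 48912/haproxy
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 560/systemd-resolve
tcp6 0 0 :::443 :::* LISTEN 48912/haproxy
tcp6 0 0 :::26716 :::* LISTEN 48895/ssh-liberty-b
udp 0 0 0.0.0.0:443 0.0.0.0:* 48912/haproxy
udp 0 0 0.0.0.0:44508 0.0.0.0:* -
udp6 0 0 :::57243 :::* 48936/sing-box
udp6 0 0 ::1:323 :::* 700/chronyd
EOF
}

# Reads netstat -tupln output on stdin.
# Prints: scope<TAB>port/proto<TAB>program, one line per unique listener.
classify() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      proto = $1; sub(/6$/, "", proto)          # fold tcp6/udp6 into tcp/udp
      if (!match($4, /:[0-9]+$/)) next          # split on the LAST colon (IPv6-safe)
      addr = substr($4, 1, RSTART - 1); port = substr($4, RSTART + 1)
      first = ($6 == "LISTEN") ? 7 : 6          # UDP rows have no State column
      prog = $first
      for (i = first + 1; i <= NF; i++) prog = prog " " $i
      sub(/^[0-9]+\//, "", prog)                # drop the PID prefix
      scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
      key = scope "\t" port "/" proto "\t" prog
      if (!seen[key]++) print key
    }'
}

# Only sockets bound to a non-loopback address, sorted by port number.
exposed_listeners() {
  classify | awk -F'\t' '$1 == "exposed" { print $2 "\t" $3 }' | sort -n
}

# On a live host: sudo netstat -tupln | exposed_listeners
sample_netstat | exposed_listeners
```

The output is a review list, not a rule set: each remaining port still has to be matched against the inbounds actually enabled before it is allowed in UFW.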
Hello,
I am quite new to Hiddify.
After Hiddify Manager is installed with default settings, how many ports should be allowed on UFW, please, so that we can set the firewall for security and best practice?
Thanks for clarifying.