Blocked network ports
Written by
Updated at February 7, 2025
The routers the BareMetal servers use to access the internet limit the incoming internet traffic to public server addresses on some TCP and UDP ports, as well as the outgoing SMTP traffic. By blocking these ports you can protect the Yandex BareMetal infrastructure against malicious networking traffic.
Incoming traffic
Egress
| Port | Application layer protocol | Transport protocol |
|---|---|---|
17 |
QOTD | TCP, UDP |
23 |
Telnet | TCP |
67–68 |
DHCP | UDP |
111 |
SUNRPC | UDP |
135–139 |
NetBIOS | TCP, UDP |
389 |
LDAP | TCP, UDP |
427 |
SLP | TCP, UDP |
445 |
SMB | TCP, UDP |
513 |
rlogin | TCP |
520 |
RIP | UDP |
631 |
IPP | TCP, UDP |
646 |
LDP | TCP, UDP |
750 |
Kerberos-IV | UDP |
1900 |
SSDP | UDP |
3702 |
WSD | UDP |
11211 |
memcached | UDP |
If the port you need is not in the table, use the Nmap utility to check if it is available on the BareMetal server OS side.
| Port | Application layer protocol | Transport protocol |
|---|---|---|
25 |
SMTP1 | TCP |
1 SMTP traffic is blocked to avoid unauthorized newsletters. We recommend using Yandex Cloud Postbox as an alternative for newsletters.