I have a need to leverage firewalling on my PMS, and I need to understand the EXACT list of rules that are necessary for Plex to operate correctly.
I am allowing all TCP and UDP traffic from my local network. What other -INBOUND- traffic rules are required?
These rules apply to the local firewall on the machine where Plex Server runs:
https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
For remote access you only need to allow one port in your router (TCP) (forwarded to the default port 32400 on your internal Plex server machine. The external port number can be chosen quite freely.)
https://support.plex.tv/hc/en-us/articles/200931138-Troubleshooting-Remote-Access
I recommend setting your server to router connection with a server static IP address rather than Dynamic Name Services (DHCP). Once you have a static address, in your router set up a rule (name is Plex or whatever) using port range of 32400-32400, default port 32400, TCP protocol, both directions and attach that rule to you servers static IP address.
@OttoKerner said:
These rules apply to the local firewall on the machine where Plex Server runs:
https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-For remote access you only need to allow one port in your router (TCP) (forwarded to the default port 32400 on your internal Plex server machine. The external port number can be chosen quite freely.)
https://support.plex.tv/hc/en-us/articles/200931138-Troubleshooting-Remote-Access
Thank you. This is exactly what I was searching for.
For Windows users, here are some helpful PowerShell commands to create the port openings. Note, they only create the port openings for Domain and Private network profiles. If you actually do want to open the ports for direct internet access, you can add ‘Public’ to the list in each command where ‘Domain’ and ‘Private’ are listed.
At an Administrative PowerShell prompt, paste in the following (tested on PS 5.x)
New-NetFirewallRule -DisplayName ‘Plex Media Server Inbound TCP’ -Profile @(‘Domain’, ‘Private’) -Direction Inbound -Action Allow -Protocol TCP -LocalPort @(‘3005’, ‘8324’, ‘32400’, ‘32469’) -Description ‘TCP Ports for Plex Media Server.’
New-NetFirewallRule -DisplayName ‘Plex Media Server Outbound TCP’ -Profile @(‘Domain’, ‘Private’) -Direction Outbound -Action Allow -Protocol TCP -LocalPort @(‘3005’, ‘8324’, ‘32400’, ‘32469’) -Description ‘TCP Ports for Plex Media Server.’
New-NetFirewallRule -DisplayName ‘PlexMedia Server Inbound UDP’ -Profile @(‘Domain’, ‘Private’) -Direction Inbound -Action Allow -Protocol UDP -LocalPort @(‘1900’,‘5353’,‘32410’,‘32412’,‘32413’,‘32414’) -Description ‘UDP Ports for Plex Media Server.’
New-NetFirewallRule -DisplayName ‘PlexMedia Server Outbound UDP’ -Profile @(‘Domain’, ‘Private’) -Direction Outbound -Action Allow -Protocol UDP -LocalPort @(‘1900’,‘5353’,‘32410’,‘32412’,‘32413’,‘32414’) -Description ‘UDP Ports for Plex Media Server.’
The article:
https://support.plex.tv/articles/201543147-what-network-ports-do-i-need-to-allow-through-my-firewall/
is not clear which ports require inbound, outbound, or both. The above commands will create inbound and outbound for both TCP and UDP traffic. It would be nice if Plex indicated in more detail how much is needed to only give as much as necessary
