What is the minimal working ufw configuration for a Plex Media Server?

Server Version#: 1.32.6.7557

Setup

Ubuntu server that is running on an old laptop without an Ethernet connection, but with a wifi card connected to my local network.

Goal

Block all incoming and outgoing ports/connections except the ones that are needed to run a Plex server (see here) and allow ssh from local network to specific port (let's say 12345).

What I did

IP of the plex server is fixed to 192.168.1.29.

Assume we start with a clean ufw config. I ran

sudo ufw default deny incoming
sudo ufw default deny outgoing
sudo ufw allow from 192.168.1.0/24 to 192.168.1.29 port 12345 proto tcp

and created the following in /etc/ufw/applications.d/plexmediaserver (taken from here)

[plexmediaserver]
title=Plex Media Server (Standard)
description=The Plex Media Server
ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp

[plexmediaserver-dlna]
title=Plex Media Server (DLNA)
description=The Plex Media Server (additional DLNA capability only)
ports=1900/udp|32469/tcp

[plexmediaserver-all]
title=Plex Media Server (Standard + DLNA)
description=The Plex Media Server (with additional DLNA capability)
ports=32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp|1900/udp|32469/tcp

Run sudo ufw app update plexmediaserver and then

sudo ufw allow from 192.168.1.0/24 to any app plexmediaserver

In total this gives

>sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                                 Action      From
--                                 ------      ----
192.168.1.29 12345/tcp             ALLOW IN    192.168.1.0/24
32400/tcp (plexmediaserver)        ALLOW IN    192.168.1.0/24
3005/tcp (plexmediaserver)         ALLOW IN    192.168.1.0/24
5353/udp (plexmediaserver)         ALLOW IN    192.168.1.0/24
8324/tcp (plexmediaserver)         ALLOW IN    192.168.1.0/24
32410:32414/udp (plexmediaserver)  ALLOW IN    192.168.1.0/24

Questions

I have two questions:

  1. Are these all incoming ports that need to be opened? In my ufw logs, I still see some blocked entries by the firewall, e.g.
Oct 22 11:29:30 plexserver kernel: [ 1309.906089] [UFW BLOCK] IN=wlp2s0 OUT= MAC=xxxxx SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=13106 DF PROTO=2

What incoming ports need to be further opened here?

  2. What outgoing connections need to be opened for plex to work? I have a lot of blocked things like
Oct 22 11:43:24 plexserver kernel: [ 2144.300474] [UFW BLOCK] IN= OUT=wlp2s0 SRC=192.168.1.29 DST=192.168.1.255 LEN=49 TOS=0x00 PREC=0x00 TTL=64 ID=14661 DF PROTO=UDP SPT=45732 DPT=32412 LEN=29

Now ofc. this comes from the rule that says block all outgoing traffic by default, but I would like to know what the minimum required open ports/connections are for plex to work…
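
Added example (not part of the original post): a small Python triage of the two [UFW BLOCK] lines quoted above, checked against the port spec of the [plexmediaserver] profile. The function names and output keys are this example's own; the port spec, subnet and log lines are copied from the post.

```python
import ipaddress
import re

# Values copied from the post: the profile's port spec, the LAN, and both log lines.
PROFILE_PORTS = "32400/tcp|3005/tcp|5353/udp|8324/tcp|32410:32414/udp"
LAN = ipaddress.ip_network("192.168.1.0/24")
LOG_LINES = [
    "Oct 22 11:29:30 plexserver kernel: [ 1309.906089] [UFW BLOCK] IN=wlp2s0 OUT= "
    "MAC=xxxxx SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 "
    "ID=13106 DF PROTO=2",
    "Oct 22 11:43:24 plexserver kernel: [ 2144.300474] [UFW BLOCK] IN= OUT=wlp2s0 "
    "SRC=192.168.1.29 DST=192.168.1.255 LEN=49 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=14661 DF PROTO=UDP SPT=45732 DPT=32412 LEN=29",
]

def parse_profile(spec):
    """Turn a ufw 'ports=' value into (low, high, proto) tuples."""
    rules = []
    for item in spec.split("|"):
        ports, proto = item.split("/")
        low, _, high = ports.partition(":")
        rules.append((int(low), int(high or low), proto))
    return rules

def classify(line, rules):
    """Summarise one [UFW BLOCK] line; returns None for any other line."""
    if "[UFW BLOCK]" not in line:
        return None
    tail = line.split("[UFW BLOCK]", 1)[1]
    f = dict(re.findall(r"\b([A-Z]+)=(\S*)", tail))
    # The log carries IN=<iface> for received packets and OUT=<iface> for sent ones.
    if f.get("IN") and f.get("OUT"):
        direction = "routed"
    else:
        direction = "in" if f.get("IN") else "out"
    proto = f["PROTO"].lower()  # a name (udp) or a bare IP protocol number (2 = IGMP)
    dst = ipaddress.ip_address(f["DST"])
    dpt = int(f["DPT"]) if "DPT" in f else None  # absent for port-less protocols
    covered = dpt is not None and any(
        lo <= dpt <= hi and proto == p for lo, hi, p in rules)
    return {"direction": direction, "proto": proto, "dpt": dpt,
            "multicast": dst.is_multicast,
            "broadcast": dst == LAN.broadcast_address,
            "port_in_profile": covered}

if __name__ == "__main__":
    for entry in LOG_LINES:
        print(classify(entry, parse_profile(PROFILE_PORTS)))
```

On the post's data the second line is an outbound broadcast to a port inside the profile's 32410:32414/udp range, which fits the status output listing the profile rules as ALLOW IN only. The first line is IP protocol 2 (IGMP) to a multicast address and carries no port at all.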
