The following are some of the most common ports blocked by modern web browsers to prevent cross-protocol attacks:
- 1 (tcpmux)
- 7 (echo)
- 9 (discard)
- 20, 21 (FTP)
- 22 (SSH)
- 23 (Telnet)
- 25 (SMTP)
- 53 (DNS)
- 110 (POP3)
- 111 (SunRPC)
- 135, 137, 139 (NetBIOS)
- 143 (IMAP)
- 445 (SMB)
- 554 (RTSP)
- 2049 (NFS)
- 4045 (lockd)
- 6000-6063 (X11)
- 6665-6669 (IRC)
- 10080 (Amanda backup, blocked due to a specific NAT Slipstreaming vulnerability)

Key Points about the List
- Browser-Specific: This is a list enforced by web browser software (Chrome, Firefox, Safari, Edge), not by the operating system’s kernel or Docker networking.
- Protocol-Specific: The block usually only applies to HTTP, HTTPS, and FTP connections made via the browser (i.e., typing `http://localhost:6000` into your address bar).
- Not Universal: Other non-browser tools, such as `curl` or Postman, typically ignore this “unsafe” list and can connect to these ports without issue.
- Workarounds Exist (for development): For development or testing purposes, you can launch your browser with specific command-line flags to explicitly allow certain ports (e.g., `--explicitly-allowed-ports=6000`).
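
A pre-flight check for the Docker case mentioned above, as an added example that is not from the original page: it parses Docker-style publish specs and reports host ports that land on this page's list, so a service is not published where the browser will refuse to connect. The function names and the sample specs are constructed for illustration, and skipping non-TCP mappings is an assumption.

```javascript
// Blocked ports exactly as listed on this page (not any browser's full list).
const BLOCKED = [
  [1, 1, "tcpmux"], [7, 7, "echo"], [9, 9, "discard"], [20, 21, "FTP"],
  [22, 22, "SSH"], [23, 23, "Telnet"], [25, 25, "SMTP"], [53, 53, "DNS"],
  [110, 110, "POP3"], [111, 111, "SunRPC"], [135, 135, "NetBIOS"],
  [137, 137, "NetBIOS"], [139, 139, "NetBIOS"], [143, 143, "IMAP"],
  [445, 445, "SMB"], [554, 554, "RTSP"], [2049, 2049, "NFS"],
  [4045, 4045, "lockd"], [6000, 6063, "X11"], [6665, 6669, "IRC"],
  [10080, 10080, "Amanda"],
];

// Parse a publish spec of the form [ip:]hostPort[-end]:containerPort[/proto].
// Returns [lo, hi] for the host side, or null when no fixed TCP host port is
// requested (e.g. "3000" or "127.0.0.1::80", where the engine picks the port).
function hostPortRange(spec) {
  const [addr, proto = "tcp"] = spec.split("/");
  if (proto !== "tcp") return null; // assumption: only TCP mappings matter here
  const parts = addr.replace(/^\[[^\]]*\]:/, "").split(":"); // drop [IPv6] bind
  if (parts.length < 2) return null;
  const host = parts[parts.length - 2];
  if (host === "") return null;
  const m = /^(\d+)(?:-(\d+))?$/.exec(host);
  if (!m) throw new Error(`unparseable host port in "${spec}"`);
  const lo = Number(m[1]);
  const hi = m[2] === undefined ? lo : Number(m[2]);
  if (lo > hi || hi > 65535) throw new Error(`bad port range in "${spec}"`);
  return [lo, hi];
}

// Report every listed entry that overlaps a published host port or range.
function browserBlockedPorts(specs) {
  const findings = [];
  for (const spec of specs) {
    const range = hostPortRange(spec);
    if (!range) continue;
    for (const [lo, hi, name] of BLOCKED) {
      const from = Math.max(lo, range[0]), to = Math.min(hi, range[1]);
      if (from <= to) findings.push({ spec, from, to, name });
    }
  }
  return findings;
}

// Constructed sample input, not taken from any real compose file.
const SAMPLE = ["8080:80", "127.0.0.1:6000:3000", "6660-6666:6660-6666/tcp",
  "53:53/udp", "[::1]:10080:80", "3000"];
console.log(browserBlockedPorts(SAMPLE));
```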
