What port needs to be open for Debian to get updates?
I was considering deploying my web application on a Debian virtual machine. However, I want to lock it down as tight as possible (i.e. traffic in/out). I was wondering which, if any, port I needed to leave open to allow for updates.
Solution 1:
All a default Debian install needs for updates is DNS traffic for name->address lookups (though you can remove this requirement by having the relevant names in your /etc/hosts file) and HTTP traffic to the servers listed in your sources.list
file.
Solution 2:
Just about all apt-get sources use http, check your /etc/apt/sources.list.
You can also check the ruleset of iptables or ipchains to see if there is a rule that affects apt-gets usage.