What port needs to be open for Debian to get updates?

I was considering deploying my web application on a Debian virtual machine. However, I want to lock it down as tight as possible (i.e. traffic in/out). I was wondering which, if any, port I needed to leave open to allow for updates.


Solution 1:

All a default Debian install needs for updates is DNS traffic for name->address lookups (though you can remove this requirement by having the relevant names in your /etc/hosts file) and HTTP traffic to the servers listed in your sources.list file.

Solution 2:

Just about all apt-get sources use http, check your /etc/apt/sources.list.

You can also check the ruleset of iptables or ipchains to see if there is a rule that affects apt-gets usage.