Blocked ports

Last update: December 26 2025

To secure the Selectel infrastructure from malicious network activity, we restrict access to certain TCP/UDP ports. Incoming and outgoing traffic is blocked when it passes the border routers at the edge of the Selectel Internet network.

For TCP port 25, only outgoing traffic to public IPv4 and IPv6 addresses is blocked. We recommend using Selectel mail service instead of port 25, as well as mail connections on TCP ports 587 and 465.

For a complete list of blocked ports, see the Blocked Ports List table. If a port is unavailable but not listed in the table, check its availability from the operating system side using the Nmap utility.

Some ports can be unlocked upon request.

List of blocked ports

Port and application protocol	Port assignment	Transport Protocol	Reason for blocking	Can be unlocked
17 QOTD	Transmitting a short text message when a client connects to the server	TCP/UDP	low security; risk of amplification attacks	✗
25 SMTP	Sending emails between servers in unencrypted form	TCP	Prevention of unauthorized mailings	✓
111 ONC RPC (SunRPC)	Mapping RPC services (nfs, mountd, etc.) to port numbers on the server	TCP/UDP	risk of detecting all RPC services; risk of unauthorized access to files	✗
135 Microsoft EPMAP	Mapping RPC calls to specific services and ports on the remote system	TCP/UDP	Risk of unauthorized access to the system	✓
137 NetBIOS Name Service	NetBIOS computer name resolution on a local network	TCP/UDP	The risk of being used for network reconnaissance; risk of unauthorized access to resources; spoofing of device names on the network (spoofing); DoS attacks	✓
138 NetBIOS Datagram Service	Transmit small messages between devices on the network without establishing a connection	TCP/UDP	Risk of attacks through insecure data transmission	✓
139 NetBIOS Session Service	Sharing files, printers, and ports on Windows networks via NetBIOS	TCP/UDP	Risk of attacks on SMB and NetBIOS vulnerabilities	✓
389 LDAP	Connecting to LDAP directory for authentication and data retrieval	TCP/UDP	the risk of password mining; risk of unauthorized access to directory data	✗
427 SLP	Discovery of network services and devices on the local network	TCP/UDP	the risk of amplification-attacks; risk of disclosing the structure of the intranet	✗
445 SMB	File sharing on Windows networks over TCP/IP without NetBIOS	TCP/UDP	Risk of attacks on SMB vulnerabilities	✓
520 RIP	Routing information exchange in small networks using RIP protocol	UDP	Risk of redirecting traffic to an attacker (route spoofing)	✗
1900 SSDP	Discovery of devices and services on the local network (printers, TVs, routers)	UDP	The risk of DoS attacks through request overload; risk of automatic opening of ports on the router	✗
3702 WS-Discovery	Dynamic discovery of web services on the local network	UDP	the risk of amplification-attacks; risk of unauthorized access to devices	✗
11211 Memcached	Memcached cache server access to accelerate web applications	TCP/UDP	the risk of amplification-attacks; risk of data leakage in the absence of authentication	✗

Unlock port

Ports 135, 137, 138, 139, 445.

Dedicated servers

You cannot unblock a port for public shared IP addresses of a dedicated server.

You can request port unblocking for dedicated subnets of a dedicated server.

1. Create a ticket. In the ticket specify:

   • the port to be unblocked;
   • the dedicated subnet of the dedicated server. You can view it in the Control Panel: in the top menu, click Products → Dedicated Servers → Network → Public Subnets tab;
   • a reason to unlock it.

2. Wait on the ticket for a Selectel employee to respond to unlock the port you specified.

Cloud servers

You cannot unblock a port for public cloud server shared IP addresses.

You can request to unblock a port for public subnets of the cloud server.

1. Create a ticket. In the ticket specify:

   • the port to be unblocked;
   • the public subnet of the cloud server. You can view it in the Control Panel: from the top menu, click Products → Cloud Servers → Network → Public Subnets tab;
   • a reason to unlock it.

2. Wait on the ticket for a Selectel employee to respond to unlock the port you specified.

Port 25

Dedicated servers

You cannot unblock a port for public shared IP addresses of a dedicated server in TAS-2, ALM-1, NBO-1 pools.

You can submit a port unlock request for:

• dedicated subnets of a dedicated server;

• public shared IP addresses of dedicated servers.

Each unlock request is considered individually, we do not guarantee a positive response.

1. Create a ticket. In the ticket specify:

   • the reason for the unlocking;

   • public dedicated subnet of the dedicated server. You can view it in the Control Panel: in the top menu, click Products → Dedicated Servers → Network → Public Subnets tab;

   • the public shared IP address of the dedicated server. You can view it in the control panel: from the top menu, click Products → Dedicated Servers → Server page → Network tab . IP addresses that are in the /32 subnet are public.

2. Wait for a Selectel employee to respond to your ticket with a decision. If we decide to remove the blocking, we will remove the blocking from the subnets and IP addresses you specified in step 1.

3. Check to see if mail is being sent through port 25.

Cloud servers

You can't unlock the port:

• for public cloud server subnets in pools uz-2, kz-1, ke-1;

• public shared IP addresses of the cloud server. To see if a public IP address is shared, you can use the control panel From the top menu, click Products → Cloud Servers → section Networks → tab Public IP addresses and Cloud routers - All IP addresses on these tabs are public.

You can request to unblock a port for public subnets of the cloud server.

Each unlock request is considered individually, we do not guarantee a positive response.

1. Create a ticket. In the ticket specify:

   • the reason for the unlocking;

   • the public subnet of the cloud server. You can view the subnet in the Control Panel: from the top menu, click Products → Cloud Servers → Network → Public Networks tab.

2. Wait for a Selectel employee to respond to your ticket with a decision. If we decide to remove the blocking, we will remove the blocking from the subnets you specified in step 1.

3. Check to see if mail is being sent through port 25.