Are all standard destination ports really needed?

Dear IPFire Community

I am a CS student and need to set up a firewall with IPFire for a Kindergarten for my uni project. I do not have any experience with setting up networks whatsoever. I was wondering if someone could explain to me, if all the destination ports that are set by default on IPFire are really necessary? Or would you delete some of it from the standard settings to make it as safe as possible for a Kindergarten?
Thank you very much for your help.

@student , welcome to the IPFire project.

I suppose, the shown settings are from the proxy page. I wouldn’t change these. If you want to disallow some destination ports, it is better to do this in the FW rules. These work on all traffic, not just in the proxy environment.
Besides this, it is much better to manage internet access with URLFilter, IPS, … The IP ports are used by good and bad sites. Wikipedia and any porn site use HTTPS ( port 443 ), for example.

@bbitsch, thank you very much for the quick reply! Yes, the shown settings are from the proxy page. It’s good to know that this should better be handled in the FW rules.
I added the port #53 dns to the allowed standard ports on the left side. Is that okay or not really necessary? Thanks!

It isn’t necessary, because the DNS requests go directly to the configured server.
Squid ( the proxy ) handles web requests ( HTTP and HTTPS, mainly ) only.