For IT Pros This page contains information about the "Mostly Open" campus firewall group.
The Mostly Open group is designed for servers that are not web or email servers; it blocks the most commonly exploited ports while allowing all other traffic through. This group is too permissive for most desktops.
All except DNS, finger, HTTP, HTTPS, ICMP, IRC, LDAP, LPD, NFS, NNTP, SNMP, and SMTP. (A specific port list is available.)
Assuming that a machine uses the standard ports for its services, external users trying to access services from a machine in this group will find that many services are allowed. However, unlike the Mostly Closed group, several of the most common services are denied, in order to protect the machine from the most common exploits.
Services denied to users coming from outside the firewall include mail, chat, ping or traceroute, user lookup, unencrypted web servers, newsgroups, and network management services like directory access, network file sharing, and DNS (mapping machine names to IP addresses).
All (except the ports that are always blocked in both directions)