Transport layer port and firewall

When a communication is initiate the OS chooses randomly a port number greater than 1023. As long as it does not conflict with other ports in use on the system at that moment. I wonder how the firewall knows about this port? Or a firewall rule should always allow any port from the inside LAN?

Thanks.

When a communication is initiate the OS chooses randomly a port number greater than 1023.

The OS assigns a random source port, usually called an ephemeral port, outside of the reserved port range. By convention that reserved port range is set to the first 1024 ports, but that is adjustable. At least on Linux with which I'm most familiar.

Additionally Linux has a kernel tuneable to further control from which port range the ephemeral port is selected: sysctl net.ipv4.ip_local_port_range.

Windows has similar controls to govern ephemeral port ranges and I imagine other OS's do as well.

I wonder how the firewall knows about this port?

It doesn't.

That's why generally firewall rules do not include source ports. Firewall rules are usually only based on one or more of:

• Source IP-address/range
• Destination IP-address/range
• Destination port number(s)
• Protocol

Only when the client does not use an ephemeral port for client-server connections, but a fixed one, will it make sense to use the source port in rules. (NTP comes to mind.)