So, allow me to give you some insight into what you see here.
Most importantly, you are scanning 127.0.0.1 - this is local services or services listening on all IPs. MANY services such as printing, etc. rely on internal listeners that can only be accessed from localhost in order to function - CUPS included (that's your print system).
You have three services that're visible on the localhost address - CUPS (the print polling system) on tcp/631 is well known and seen by NMAP. That's normal.
"Service Unknown" is dependent on a signature being made for each service in NMAP's services mapping file. While 631 is assigned by IANA to CUPS and ipp, the ports 6327 through 6342 are not assigned by IANA, and therefore do not have a services file entry in NMAP's known services. It was able to identify 6342 as SSL but not a specific service.
This is where my comment to you asking you to run sudo ss -tulpn and then include that output in your question will help yield information. Unlike nmap, ss will actually list what programs/daemons are using those ports that're being listened on. This will help to ID the 'unidentified services' being listened to on your system. It has nothing to do with UFW or your rules there, because a search on localhost runs on the loopback lo interface which is ALWAYS open for local computer communication to itself, and not something to be worried about in an nmap scan so long as you have the firewall enabled and disable external connections by default (this is the default in UFW).
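
The ss check described in the answer above, as an added example that is not part of the original post: a small filter that reads `ss -tulpn` output and reports, for each listener, whether it is bound to loopback only or to all interfaces, and which process owns it. The function names, the sample lines and the process name `example-daemon` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use: sudo ss -tulpn | classify_listeners
# Output columns: proto port scope process

classify_listeners() {
    awk '
    $1 == "Netid" { next }                       # skip the header row
    {
        local_addr = $5
        n = split(local_addr, parts, ":")
        port = parts[n]                          # text after the last colon
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/%.*$/, "", addr)                    # drop interface suffix such as %lo

        if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"                   # reachable only from this machine
        else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "all-interfaces"             # reachable externally unless firewalled
        else
            scope = "specific-address"

        proc = "unknown"                         # ss shows no owner without root
        if (match($0, /\(\("[^"]*"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)

        print $1, port, scope, proc
    }'
}

# Constructed sample input (not output from the system in the question).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=845,fd=7))
tcp   LISTEN 0      128    127.0.0.1:6342     0.0.0.0:*         users:(("example-daemon",pid=1200,fd=9))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=900,fd=3))
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    [::1]:631          [::]:*            users:(("cupsd",pid=845,fd=6))
EOF
}

sample_ss_output | classify_listeners
```

Rows marked `loopback` are the kind an nmap scan of 127.0.0.1 will show regardless of UFW rules; rows marked `all-interfaces` are the ones the firewall's default-deny policy is protecting.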