Is opening both TCP/UDP less secured than just TCP or UDP when needed and why?

So, SSH needs port 22/tcp. You're asking if opening 22/tcp and 22/udp presents a security vulnerability. The answer is "no" if nothing is listening to 22/udp. If some other application is listening to 22/udp, an application which you wouldn't want open to other hosts, then it could. There are such combinations (syslog and rsh share 514, for example).

That being said, there's really not much excuse for not knowing which an application uses. On Linux, for example, you can use netstat -tunlp or lsof -i to see which program is listening to which port(s), and tune your firewall rules correctly.


Just want to expand on @gowenfawer's really outstanding answer.

Even if a process is not currently listening on a specified port, that might not be true in the future...

i.e.: Somebody is hosting an SMTP server; it shifts mail around. There's no webserver on it, so the admin leaves ports tcp/80 & tcp/443 wide open. Neither Apache nor Nginx is running on it, so why bother writing an iptables rule?

Then someone hacks his mailserver and starts running a webserver hosting illegal content: could be porn, malware, who knows; the mind boggles at what the miscreant could serve from somebody else's server. Indeed, a smart skunk doesn't stink-up their own hole: people who do that sort of thing are going to use other folk's servers.

Had those ports been preemptively filtered, disaster would have been averted. Remember: you're only paranoid when they're not really out to get you.
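Both answers come down to the same check: for each port/proto the firewall lets through, what (if anything) actually answers there. The following is an added example, not code from either poster: a small POSIX shell audit that runs the check over a constructed sample of `ss -tunlp` output and a hypothetical allow-list (both made up here), flagging rules that expose an unintended service (the shared-514 case) and rules with no listener behind them (the open-80/443 case).

```shell
#!/bin/sh
# Constructed sample of `ss -tunlp` output; not captured from a real host.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    0.0.0.0:25         0.0.0.0:*         users:(("master",pid=900,fd=13))
udp   UNCONN 0      0      0.0.0.0:514        0.0.0.0:*         users:(("rsyslogd",pid=640,fd=5))'

# Hypothetical firewall allow-list (port/proto), written the way the answers describe:
# SSH opened for both protocols, web ports "just in case", rsh's 514 both ways.
ALLOWED='22/tcp 22/udp 25/tcp 80/tcp 443/tcp 514/tcp 514/udp'

# listeners: reduce ss-style output to "port/proto program" lines.
# Without root, ss omits the Process column; the program is then shown as "?".
listeners() {
    printf '%s\n' "$1" | awk 'NR > 1 {
        n = split($5, a, ":"); port = a[n]
        prog = $7
        sub(/^users:\(\(/, "", prog); gsub("\"", "", prog); sub(/,.*/, "", prog)
        if (prog == "") prog = "?"
        print port "/" $1, prog
    }'
}

# audit: for every allowed port/proto, report what actually answers there.
#   OPEN-WITH-LISTENER - the rule exposes a real service; confirm it is the intended one
#   OPEN-NO-LISTENER   - nothing listens today; the rule serves only a future intruder
audit() {
    ss_out="$1"; allowed="$2"
    for pp in $allowed; do
        prog=$(listeners "$ss_out" | awk -v p="$pp" '$1 == p { print $2; exit }')
        if [ -n "$prog" ]; then
            printf 'OPEN-WITH-LISTENER %s %s\n' "$pp" "$prog"
        else
            printf 'OPEN-NO-LISTENER %s\n' "$pp"
        fi
    done
}

# Stand-alone run over the sample; on a real host pass "$(ss -tunlp)" and your own rules.
audit "$SAMPLE_SS" "$ALLOWED"
```

In the sample, 514/udp shows up as exposing rsyslogd even though the rule was written with rsh in mind, while 22/udp, 80/tcp, 443/tcp and 514/tcp are open with nothing behind them and are candidates for filtering.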