Which TCP and UDP ports are required to run an Ethereum client?
Ethereum clients use a listener (TCP) port and a discovery (UDP) port, both on 30303 by default.
If you need to run JSON-RPC, you'll also need TCP port 8545. Note that JSON-RPC port should not be opened to the outside world, because from there you can do admin operations.
All client's ports can be customized from the default.
If you want geth/eth to find UPnP, you'll also want that enabled on your router. That's just so it can listen on a port, not necessary if you've already manually opened/routed them.
About the wiki page you linked, it reports actually just an example:
If the TCP and UDP (discovery) ports differ, the UDP port is specified as query parameter discport.
In the following example, the node URL describes a node with IP address 10.3.58.6, TCP listening port 30303 and UDP discovery port 30301.
I think this misunderstanding is spreading also because of the behavior of the bootnode util. In fact, it uses 30301 as default UDP discovery port.
Note: geth will use IPv6 as a priority if it is available which may cause problems if you assume it is listening to the IPv4 address.
I have both of those ports opened and yet I cannot sync. It appears that geth is attempting to connect to peers through other TCP ports. See https://ethereum.stackexchange.com/questions/26652/geth-connectivity-behind-a-firewall
And make sure you activelly block inbount JSON-RPC (8545) https://etherscan.io/address/0x957cd4ff9b3894fc78b5134a8dc72b032ffbc464#comments