- How To Ubuntu Linux Firewall Open Port Command
- Ubuntu Linux firewall open port command
- How do I see the current status of my firewall?
- How do I open tcp port # 22?
- How do I open tcp port # 80 and 443?
- How do I open tcp and udp port # 53?
- Advanced examples for opening TCP and UDP ports
- Denying/blocking port access
- How to delete ufw rules
- Conclusion
- How to open ports in your firewall linux
- How to open Ports on Iptables in a Linux server
- Introduction
- Prerequisite
- Step 1 : List the current Iptables rules
- Step 2 : Backup the Iptables
- Step 2 : Add/Remove an Iptable rule
- Step 3 : Save the Iptable Rule
- Step 4 : Restore Iptables Backup
- Conclusion
- Opening a port on Linux
- Linux Tutorials
- List all open ports
- Opening a port on Linux to Allow TCP Connections
- For Ubuntu Users and ufw firewall based Systems
- For CentOS and firewalld based Systems
- For Other Linux Distributions
- Test the newly opened port for TCP Connections
- Need to update rules after every reboot
- For ufw Firewall
- For firewalld
- For iptables
- Conclusion
How To Ubuntu Linux Firewall Open Port Command
Ubuntu Linux firewall open port command
Tutorial details | |
---|---|
Difficulty level | Easy |
Root privileges | Yes |
Requirements | ufw command on Ubuntu/Debian Linux |
Est. reading time | 3 minutes |

The program for managing a Linux firewall is ufw. It aims to provide an easy-to-use interface for users, sysadmins and developers. For example:
- You can open/close ports with ufw allow command.
- Block an IPv4/IPv6 address.
- Delete existing firewall rules.
- Turn on or off firewall logs.
- And more.
Let us see some examples of ufw firewall to open port on Ubuntu server.
How do I see the current status of my firewall?
Type the following command:
sudo ufw status verbose
Sample outputs:
Fig.01: Check the status of UFW on a Ubuntu Linux
How do I open tcp port # 22?
To allow incoming tcp packets on port 22, enter:
sudo ufw allow 22/tcp
Verify it:
sudo ufw status verbose
How do I open tcp port # 80 and 443?
The service specific syntax is as follows to open http and https service ports:
sudo ufw allow http
sudo ufw allow https
OR
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
How do I open tcp and udp port # 53?
To allow incoming tcp and udp packets on port 53, enter:
sudo ufw allow 53
Verify it:
sudo ufw status verbose
Advanced examples for opening TCP and UDP ports
To allow IP address 192.168.1.10 access to port 22 for all protocols:
sudo ufw allow from 192.168.1.10 to any port 22
Open port 74.86.26.69:443 (SSL 443 nginx/apache/lighttpd server) for all, enter:
sudo ufw allow from any to 74.86.26.69 port 443 proto tcp
To allow subnet 192.168.1.0/24 access to Samba services, enter:
sudo ufw allow from 192.168.1.0/24 to any app Samba
You can find service info as follows:
sudo ufw app list
Sample outputs:
To get information on Squid profile/app, run:
sudo ufw app info Squid
Sample outputs:
Denying/blocking port access
We can add a deny rule as follows to block all access to port 25:
sudo ufw deny 25
sudo ufw deny 25/tcp comment 'Block access to smptd by default'
How to delete ufw rules
We can list firewall rules using the following syntax on Ubuntu Linux:
sudo ufw status
sudo ufw status numbered
Once we have found the firewall rule number, delete the rule by that number (NUM):
sudo ufw delete NUM
sudo ufw delete 5
Another option is to type:
sudo ufw delete deny 25/tcp comment 'Block access to smptd by default'
Conclusion
On this page, you learned how to open TCP and UDP ports using UFW, which is the default firewall management tool on Ubuntu Linux. See the ufw command man page for more info.
How to open ports in your firewall linux
We start with the definition of a firewall, which is needed to understand the "port vocabulary". A firewall is software or firmware that enforces a set of rules about which data packets are allowed to enter or leave a network. It is in charge of managing Allow and Deny rules for ports.
In line with the topic of this guide, we would like to open ports in Linux distributions such as Ubuntu or CentOS. Each distro is configured with a different set of tools (firewall packages), but with the same results.
Tools that we will be using:
Let’s have a look at the Ubuntu scenario first:
This distribution ships with the UFW (Uncomplicated Firewall) service preinstalled by default. It simplifies the whole configuration and is user-friendly.
Check the service status with standard systemctl command:
Enable UFW with enable command:
Syntax to open specific TCP port:
The syntax also supports names which refer to specific ports:
To allow incoming tcp and udp packets on port 21, enter:
Example for specific IP Address:
Let’s check the configuration:
The command displays a table with three columns:
Explanations:
• To – describes the particular protocol
• Action – tells us whether it is allowed or denied
• From – the source, e.g. anywhere or a single IP address as presented above
Now it is time for CentOS:
Firewalld is a more advanced tool that uses zones in its configuration. Each zone is responsible for some area, or one "attached" network interface.
Firewalld is a frontend controller for iptables, used to implement persistent network traffic rules.
Let's take a look at a few commands that work with firewalld.
1. Start our service with the standard systemctl command:
This command informs us about the state of the service. It may only display one of two messages: "running" or "not running".
The default zone is public. In this short tutorial we will not be changing it, but if you would like to, use these commands:
Let's try to allow tcp traffic on port 1112:
To get those changes applied immediately, we have to reload the firewalld state.
We can obtain a readable overview of our new rule with the listing command:
To allow an SSH connection for a specific IPv4 address, we have to use the "rich rule" syntax:
That’s the quick tutorial for firewalld.
Hint:
Firewalld is the default package for CentOS to manage incoming and outgoing traffic. If UFW seems preferable to you, you may install those packages too.
How to open Ports on Iptables in a Linux server
Introduction
Iptables is a user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores. Iptables almost always comes pre-installed on any Linux distribution. Having a properly configured firewall is very important for the overall security of your server.
In this article, we will share the steps to open ports in the iptables firewall on Ubuntu and CentOS distributions.
Prerequisite
Sudo access to an Ubuntu or CentOS server with iptables installed on it.
Step 1 : List the current Iptables rules
Connect to your server with sudo access. To list the rules that are currently configured for iptables, use the command below.
We can see output as below, which displays all the rules that are currently configured.
Step 2 : Backup the Iptables
Before adding rules to iptables, we need to take a backup of the current rules. If there is any issue with the iptables configuration, we can restore the rules from the backup.
Use the commands below to save the iptables rules.
Step 2 : Add/Remove an Iptable rule
Once we are aware of the rules that are currently configured, we can open a port in iptables by adding a rule using the command below.
Note: Replace xxxx with the port number you wish to open.
For example, to open MySQL port 3306, we need to run the command below.
This tells iptables to accept connections to MySQL publicly.
You can view the rule with iptables -L, as mentioned in Step 1.
If you wish to remove the rule that was recently added, you can use the command below.
If you do not wish to open the port publicly, you can open it for a single IP.
Use the command below to open the port only for a single IP.
Note: Replace your_server_ip with the required IP in the above command, and replace xxxx with the required port.
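The difference between the public rule and the single-IP rule described above can be checked after the fact. The following is an added example, not part of the original article: it reads rules in the format printed by `iptables -S INPUT` and lists every port accepted from any source. The function name `world_open_ports` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag INPUT rules that
# accept a destination port from any source address.
# Live use: sudo iptables -S INPUT | world_open_ports

# Constructed sample in the format `iptables -S INPUT` prints.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP'

# Reads rules on stdin; prints "proto/port" for every ACCEPT rule in INPUT
# that matches a destination port and has no -s restriction.
# Negated matches ("! -s ...") are not interpreted by this sketch.
world_open_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        src = ""; proto = "any"; port = ""; target = ""; iface = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # Only port-matching ACCEPT rules on non-loopback traffic matter here.
        if (target != "ACCEPT" || port == "" || iface == "lo") next
        if (src == "" || src == "0.0.0.0/0") print proto "/" port
    }'
}

printf '%s\n' "$SAMPLE_RULES" | world_open_ports
```

In the sample, port 3306 is reported because the unrestricted rule makes the earlier single-IP rule redundant; removing the unrestricted rule is what actually limits MySQL to one source.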
Step 3 : Save the Iptable Rule
Once we have added the rules, we need to save them and make them permanent. If you are using Ubuntu, you can use iptables-persistent, and for CentOS you can use the iptables save command.
On Ubuntu 14.04, use the following commands to save/reload the iptables rules:
On Ubuntu 16.04 and Ubuntu 18.04, use the following commands:
If you are using CentOS, use the command below:
Step 4 : Restore Iptables Backup
If there is any issue with your iptables configuration, you can revert the changes with the command below and restore the file that was backed up in Step 2.
Conclusion
Following the above article will have helped you open/close ports on your Linux system. Implementing a proper iptables firewall should always be considered a high priority for your setup, as it allows system administrators to secure the system by allowing only the required ports publicly or restricting them to particular IPs.
Opening a port on Linux
Linux Tutorials
Before we learn about opening a port on Linux, let's understand what network ports are. A port is a communication endpoint. Within an operating system, a port directs data packets to specific processes or network services.
Typically, ports identify a specific network service assigned to them. This can be changed by manually configuring the service to use a different port, but in general, the defaults can be used.
The first 1024 ports (Ports 0-1023) are referred to as well-known port numbers and are reserved for the most commonly used services, including SSH (port 22), HTTP and HTTPS (ports 80 and 443), etc. Port numbers above 1024 are referred to as ephemeral ports.
Among ephemeral ports, port numbers 1024-49151 are called the Registered/User Ports. The rest of the ports, 49152-65535, are called Dynamic/Private Ports.
In this tutorial, we will show how we can open an ephemeral port on Linux, since the most common services use the well-known ports.
List all open ports
Before opening a port on Linux, let us first check the list of all open ports, and choose an ephemeral port to open from that list.
We can use the netstat command to list all open ports, including those of TCP, UDP, which are the most common protocols for packet transmission in the network layer.
NOTE: If your distribution doesn't have netstat, it is not a problem. You can use the ss command to display open ports via listening sockets.
This will print all listening sockets (-l) along with the port number (-n), with TCP ports (-t) and UDP ports (-u) also listed in the output.
Just to ensure that we are getting consistent outputs, let’s verify this using the ss command to list listening sockets with an open port.
This gives more or less the same open ports as netstat, so we are good to go!
Opening a port on Linux to Allow TCP Connections
Let’s open a closed port and make it listen to TCP Connections, for the sake of this example.
Since port 4000 is not being used in my system, I choose to open port 4000. If that port is not open in your system, feel free to choose another closed port. Just make sure that it’s greater than 1023!
Again, just to make sure, let’s ensure that port 4000 is not used, using the netstat or the ss command.
The output must remain blank, thus verifying that it is not currently used, so that we can add the port rules manually to the system iptables firewall.
For Ubuntu Users and ufw firewall based Systems
Ubuntu has a firewall called ufw, which takes care of these rules for ports and connections, instead of the old iptables firewall. If you are an Ubuntu user, you can directly open the port using ufw.
You can skip the next few steps, and directly test your newly opened port!
For CentOS and firewalld based Systems
For these types of systems, if you have firewalld as your primary firewall, it is recommended that you use the firewall-cmd to update your firewall rules, instead of the old iptables firewall.
NOTE: This will reset the firewalld rules to default on a reboot, so if you want to modify this setting permanently, add the --permanent flag to the command.
You can skip the next few steps, and directly test your newly opened port!
For Other Linux Distributions
So let’s add this new port to our system iptables rules, using the iptables command.
If this command is not yet installed, get it using your package manager.
This sets the firewall to append (-A) the new rule to accept input packets via protocol (-p) TCP where the destination port (--dport) is 4000, and specifies the target jump (-j) rule as ACCEPT.
To update the firewall rules, restart the iptables service.
OR using systemctl if you have it.
Test the newly opened port for TCP Connections
Now that we have successfully opened a new TCP port (Port 4000 in my case), let’s test it out.
First, we will start netcat (nc) and listen on port 4000, while sending the output of ls to any connected client. So after a client has opened a TCP connection on port 4000, they will receive the output of ls.
This makes netcat listen on port 4000. Leave this session alone for now.
Open another terminal session on the same machine.
Since I've opened a TCP port, I'll use telnet to check for TCP connectivity. If the command doesn't exist, again, install it using your package manager.
Format for telnet:
So input your server IP and the port number, which is 4000 in my case, and run this command.
This tries to open a TCP connection on localhost on port 4000.
You'll get an output similar to this, indicating that a connection has been established with the listening program (nc).
As you can see, the output of ls (while.sh in my case) has also been sent to the client, indicating a successful TCP connection!
To show you that the port is indeed open, we can use nmap to check this.
Indeed, our port has been opened! We have successfully opened a new port on our Linux system!
NOTE: nmap only lists opened ports which have a currently listening application. If you don’t use any listening application such as netcat, this will display the port 4000 as closed, since there isn’t any application listening on that port currently. Similarly, telnet won’t work either, since it also needs a listening application to bind to. This is the reason why nc is such a useful tool. This simulates such environments in a simple command.
But this is only temporary, as the changes will be reset every time we reboot the system.
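The nmap note above turns on the difference between a firewall rule and a listening socket, and the address a service binds to decides whether an allowed port is reachable from other hosts at all. The following is an added example, not part of the original tutorial: it classifies a port from `ss -tuln` output as closed, loopback-only or exposed. The function name `port_exposure` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): classify a port from
# `ss -tuln` output as closed, loopback-only or exposed.
# Live use: ss -tuln | port_exposure 4000

# Constructed sample in the column layout `ss -tuln` prints.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      1      0.0.0.0:4000       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      511    [::1]:6379         [::]:*'

# port_exposure PORT  (ss output on stdin)
port_exposure() {
    awk -v want="$1" '
    $1 == "Netid" { next }                      # skip the header line
    {
        n = split($5, part, ":")                # port is the last ":" field
        port = part[n]
        if (port != want) next
        addr = substr($5, 1, length($5) - length(port) - 1)
        sub(/%.*/, "", addr)                    # drop interface suffix (%lo)
        if (addr ~ /^127\./ || addr == "[::1]") loopback = 1
        else wide = 1                           # wildcard or interface address
    }
    END {
        if (wide) print "exposed"
        else if (loopback) print "loopback-only"
        else print "closed"
    }'
}

for port in 22 3306 4000 8080; do
    printf '%s %s\n' "$port" "$(printf '%s\n' "$SAMPLE_SS" | port_exposure "$port")"
done
```

A port reported as loopback-only stays unreachable from other hosts even with an allow rule in place, and a port reported as closed is what nmap and telnet see when nothing is listening.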
Need to update rules after every reboot
The approach presented in this article will only temporarily update the firewall rules until the system shuts down/reboots. So similar steps must be repeated to open the same port again after a restart.
For ufw Firewall
The ufw rules are not reset on reboot, so if you're an Ubuntu user, you need not worry about this part!
This is because it is integrated into the boot process and the kernel saves the firewall rules using ufw, via appropriate config files.
For firewalld
As mentioned earlier, firewalld also suffers from the same problem, but this can be avoided by appending a --permanent flag to the initial command, when opening a port or setting any other rule.
For example, you can open the TCP Port 4000 permanently using the below command:
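Because firewalld keeps a runtime and a permanent configuration, a port can exist in one and not the other. The following is an added example, not part of the original tutorial: it compares the two port lists and reports which ports would disappear on reboot and which are saved but not yet loaded. The function names `port_drift` and `zone_drift` and the sample lists are constructed for illustration; the `firewall-cmd` options used are `--zone`, `--list-ports` and `--permanent`.

```shell
#!/bin/sh
# Added example (not from the original tutorial): find firewalld ports that
# exist only in the runtime or only in the permanent configuration.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated list as printed by --list-ports.
port_drift() {
    runtime=" $1 "
    permanent=" $2 "
    for p in $1; do
        case "$permanent" in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;    # lost on reload or reboot
        esac
    done
    for p in $2; do
        case "$runtime" in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;  # saved but not loaded yet
        esac
    done
}

# Live check for one zone; needs firewalld and root privileges.
zone_drift() {
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 2; }
    port_drift "$(firewall-cmd --zone="$1" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$1" --list-ports)"
}

# Constructed sample: 4000/tcp was added without --permanent,
# 8080/tcp was added with --permanent but firewalld was not reloaded.
SAMPLE_RUNTIME='22/tcp 1112/tcp 4000/tcp'
SAMPLE_PERMANENT='22/tcp 1112/tcp 8080/tcp'
port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

On a live host, `zone_drift public` runs the same comparison; `firewall-cmd --runtime-to-permanent` saves the runtime set, and `firewall-cmd --reload` loads the permanent one.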
For iptables
For the iptables firewall, although this inconvenience cannot be avoided, we could minimize the hassle.
We can save the iptables rules to a config file, such as /etc/iptables.conf.
We can then retrieve it from the config file after we reboot, using the below command:
Now the iptables rules are updated, and our ports are opened again!
Conclusion
In this tutorial, we showed you how you could open a new port on Linux and set it up for incoming connections.