How to Open a Port on a Linux Server Firewall

Table of contents:

How to Open a Port on a Linux Server Firewall
How to Open a Port on a Linux Server Firewall

Video: How to Open a Port on a Linux Server Firewall

Video: How to Open a Port on a Linux Server Firewall
Video: How to Upload an Image or Video File on Discord 2024, December
Anonim

This wikiHow teaches you how to open ports on three popular firewalls. If you use a product such as ConfigServer Firewall (CSF) or Advanced Policy Firewall (ADP), you can control which ports are open in the main wall configuration file. If you use Uncomplicated Firewall (UFW), Ubuntu's main firewall option, you can add rules on the command line, without editing complicated files.

Step

Method 1 of 3: Using Uncomplicated Firewall for Ubuntu

Open Ports in Linux Server Firewall Step 1
Open Ports in Linux Server Firewall Step 1

Step 1. Log in to the server

If you are using Ubuntu on a desktop computer, press Ctrl+Alt+T to open a Terminal window.

Open Ports in Linux Server Firewall Step 2
Open Ports in Linux Server Firewall Step 2

Step 2. Type in sudo ufw status verbose and press Enter

If UFW is already running, you'll see a status message, as well as a list of firewall rules (including open ports) that already exist.

If you see the message “Status: inactive”, type sudo ufw enable in the command window and press Enter to launch the firewall

Open Ports in Linux Server Firewall Step 3
Open Ports in Linux Server Firewall Step 3

Step 3. Use sudo ufw allow [port number] to open the port

For example, if you want to open an SSH port (22), type kbd and press Enter. You don't need to re-run the firewall because the changes will take effect immediately.

  • If the port you want to open is the port for the service shown in the /etc/services list, just type the name of the service instead of the port number. For example: sudo ufw allow ssh.
  • To open a port within a specific range, use the syntax sudo ufw allow 6000:6007/tcp and replace 6000:6007 with the desired range. If the range is UDP port range, replace tcp with udp.
  • To specify an IP address that can access a port, use the following syntax: sudo ufw allow from 10.0.0.1 to any port 22. Replace 10.0.0.1 with the IP address, and 22 with the port you want to open for that address.
Open Ports in Linux Server Firewall Step 4
Open Ports in Linux Server Firewall Step 4

Step 4. Remove the firewall rules that you don't need

Ports that are not specifically opened will be blocked automatically. If you open a port that you want to close, follow these steps:

  • Type in sudo ufw status numbered and press Enter. A list of all firewall rules is displayed and each entry begins with a number that represents it on the list.
  • Identify the number at the beginning of the rule you want to delete. For example, you want to delete a rule that opens port 22, and that rule is mentioned in number 2.
  • Type sudo ufw delete 2 and press Enter to delete the rule on the second line (or number 2).

Method 2 of 3: Using ConfigServer Firewall

Open Ports in Linux Server Firewall Step 5
Open Ports in Linux Server Firewall Step 5

Step 1. Log in to the server

If you are not logged in as the root user, you can use the su command to access root and adjust the configuration.

Open Ports in Linux Server Firewall Step 6
Open Ports in Linux Server Firewall Step 6

Step 2. Open the directory that created the CSF configuration file

This file is named csf.conf and is saved to the /etc/csf/csf.conf directory by default. To open the directory, type cd /etc/csf and press Enter.

Open Ports in Linux Server Firewall Step 7
Open Ports in Linux Server Firewall Step 7

Step 3. Open csf.conf in a text editing program

You can use any text editing program you want, such as vim or nano.

To open csf.conf in vim, type vim csf.config and press Enter

Open Ports in Linux Server Firewall Step 8
Open Ports in Linux Server Firewall Step 8

Step 4. Add the input port to the TCP_IN list

These ports are TCP ports. After opening the file, you can see the TCP_IN and TCP_OUT segments. The TCP_IN segment displays the open TCP input TCP ports separated by commas. The ports are displayed numerically for your convenience, but when entering ports, you don't have to follow the existing order. You can add ports at the end of the sequence, and simply separate the added ports with a comma.

  • For example, you want to open port 999 and the already open ports are 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995.
  • After adding port 999 to the list, the port set will look like this: 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 999.
  • To access input/typing mode in vim, press the i key on the keyboard.
Open Ports in Linux Server Firewall Step 9
Open Ports in Linux Server Firewall Step 9

Step 5. Allow TCP output ports in the TCP_OUT list

As you did with the input ports, add the output TCP ports you want to open to the TCP_OUT list.

Open Ports in Linux Server Firewall Step 10
Open Ports in Linux Server Firewall Step 10

Step 6. Save changes and close the file

Follow these steps to save and close the file:

  • Press the Esc key.
  • Type:wq!.
  • Press Enter.
Open Ports in Linux Server Firewall Step 11
Open Ports in Linux Server Firewall Step 11

Step 7. Type in service csf restart and press Enter

The firewall will restart and new ports will be opened.

To block or close a port, reopen the file, delete the port, save the file, and restart the firewall

Method 3 of 3: Using Advanced Policy Firewall

Open Ports in Linux Server Firewall Step 12
Open Ports in Linux Server Firewall Step 12

Step 1. Log in to the server

If you are not logged in as the root user, you can use the su command to access root and adjust the configuration.

Open Ports in Linux Server Firewall Step 13
Open Ports in Linux Server Firewall Step 13

Step 2. Open the directory that contains the APF configuration files

The file you need to find is called conf.apf and is located in the /etc/apf directory by default. Type cd /etc/apf to access that directory.

Open Ports in Linux Server Firewall Step 14
Open Ports in Linux Server Firewall Step 14

Step 3. Open conf.apf in a text editing program

You can use any program you want, like vim or nano.

To open conf.apf in vim, type vim conf.apf and press Enter

Open Ports in Linux Server Firewall Step 15
Open Ports in Linux Server Firewall Step 15

Step 4. Add the input port to the IG_TCP_CPORTS list

Once the file is opened, you can see the IG_TCP_CPORTS and EG_TCP_CPORTS segments. The IG_TCP_CPORTS segment displays the open input ports separated by commas. The ports are listed numerically for your convenience, but you don't have to follow the order. You can add ports to the end of the string and separate them with a comma.

  • For example, you want to open port 999 and the currently open ports are 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995.
  • After adding port 999 to the IG_TCP_CPORTS list, the order of the ports will look like this: 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 999.
  • To access input/typing mode in vim, press the i key on the keyboard.
Open Ports in Linux Server Firewall Step 16
Open Ports in Linux Server Firewall Step 16

Step 5. Add the output port to the EG_TCP_CPORTS list

As with input ports, add the output TCP ports you want to open to the EG_TCP_CPORTS list.

Open Ports in Linux Server Firewall Step 17
Open Ports in Linux Server Firewall Step 17

Step 6. Save changes and close the file

Follow these steps to save and close the file:

  • Press the Esc key.
  • Type:wq!.
  • Press Enter.
Open Ports in Linux Server Firewall Step 18
Open Ports in Linux Server Firewall Step 18

Step 7. Type in service apf -r and press Enter

The APF firewall will restart and new ports will be opened.

To block or close a port, reopen the file, delete the port, save the file, and restart the firewall

Tips

  • If you see a port that is not needed or used by a running service, close the port. Don't leave the door open to intruders!
  • If you start adding randomly (and completely haphazardly) open ports, YOU WILL BE HACKED! Therefore, make sure you don't give way to hackers. Only open the ports you really need.

Recommended: