How to Open a Port in Linux

Configurare noua (How To)

Situatie

The port number is a virtual concept in computer networking that provides a network identifier for a service or application. The number is a 16-bit integer from 0 to 65535 that combines with the IP address to create a network communication socket.

Prerequisites

  • Administrative system access.
  • Access to the terminal.
Listing Open Ports

Before opening a port on a system, check if the port you need is already open. The simplest way to do this is to pipe the output of the netstat command to the grep command.

netstat -na | grep :[port-number]

The syntax above tells grep to look for a specific port number in the port list provided by netstat. For example, to check if port 8080 is available on the system, type:

netstat -na | grep :8080

If the port is closed, the command returns no output.

Alternatively, use the following netstat command to display a list of listening ports:

netstat -lntu

The -l option looks for the listening ports, -n provides numerical port values, while -t and -u stand for TCP and UDP, respectively.

Listing open ports in Linux.
Opening a Port in Linux

The correct procedure for opening a port depends on the Linux distribution and the firewall you are using. The following sections provide steps for the three most common scenarios:

  • The UFW firewall on Ubuntu-based distributions.
  • firewalld on CentOS and other RHEL-based distributions.
  • The iptables utility for the systems without UFW and Firewalld.
Ubuntu and UFW Based Systems

UFW (Uncomplicated Firewall) for Ubuntu allows you to open a port with a single command:

sudo ufw allow [port-number]

Opening a port in Ubuntu with UFW.

Alternatively, open the port used by a specific service without stating the port number:

sudo ufw allow [service-name]

Note: After you finish creating the rules, ensure UFW is active on your system by typing:

sudo ufw enable
CentOS and Other Systems with firewalld

The firewalld tool on CentOS, Fedora, and other related distributions, enables users to control port access on their system. The following command opens a specific port:

sudo firewall-cmd –zone=public –add-port=[port-number]/[protocol] –permanent

Opening a port on RHEL based systems with firewalld.

Note: The --zone=public argument is necessary only in multi-zone system configurations. By default, firewalld assigns all interfaces to the public zone.

Linux Distributions without UFW or firewalld

While installing a full-fledged firewall is the recommended way of maintaining system security, some Linux distributions still use the legacy iptables solution. The iptables utility allows configuring rules to filter IP packets using the Linux kernel firewall.

Use the following command to create an iptables rule for opening a port:

sudo iptables -A INPUT -p [protocol] –dport [port] -j ACCEPT

The command creates an IPv4 rule. To create an IPv6 rule, use the ip6tables command:

sudo ip6tables -A INPUT -p [protocol] –dport [port] -j ACCEPT

The port number is specified with the --dport option. The -p flag allows you to define the protocol (tcp or udp). For example, to create an IPv4 rule for the TCP port 8080, type:

sudo iptables -A INPUT -p tcp –dport 8080 -j ACCEPT

Make iptables Rules Persist on Debian-Based Systems

The rules created using iptables do not persist after reboots.

Follow the steps to restore iptables rules after a reboot on Debian-based systems:

  • Save the IPv4 rules you created:

iptables-save > /etc/iptables/rules.v4

  • Store any IPv6 rules in a separate file:

ip6tables-save > /etc/iptables/rules.v6

  • Install the iptables-persistent package:

sudo apt install iptables-persistent

This package automatically reloads the contents of the rules.v4 and rules.v6 files when the system restarts.

Make iptables Rules Persist on RHEL-Based Systems

RHEL-based systems store the iptables configuration in a different location. Type the commands below to save the IPv4 and IPv6 rules, respectively:

iptables-save > /etc/sysconfig/iptables

ip6tables-save > /etc/sysconfig/ip6tables

  • Ensure the iptables-services package is installed:

sudo dnf install iptables-services

  • Start the service:

sudo systemctl start iptables

  • Enable the service:

sudo systemctl enable iptables

  • Save the iptables rule:

sudo service iptables save

Saving the iptables configuration.

Restart the service to enforce the rule:

sudo systemctl restart iptables

Opening a port can be helpful for various reasons, such as allowing incoming traffic to access a specific service or application on your system.

Solutie

Tip solutie

Permanent

Voteaza

Up Down
(11 din 19 persoane apreciaza acest articol)
Share
Tweet
Share

Despre Autor

Leave A Comment?