- How to close ports in Linux?
- 5 Answers 5
- How to Find and Close Open Ports in Linux
- Finding Open Ports in Linux
- Closing Open Ports in Linux
- How to Open and Close Ports on Linux: A Comprehensive Guide
- Finding Open Ports and Listening Sockets
- Using netstat command
- Using ss command
- Using lsof command
- Closing a Port by Stopping the Service
- How to locate and close an open port in Linux
- Using iptables Command to Open or Close a Port
- Using firewall-cmd Command to Open or Close a Port
- Troubleshooting Open Port Issues
- Other simple code examples for opening and closing ports in Linux
- Conclusion
- Frequently Asked Questions — FAQs
- What is the importance of opening and closing ports on Linux?
- What are the common issues encountered when opening or closing ports on Linux?
- How can I find open ports and listening sockets on Linux?
- How to Find Open Ports and Close Them in Linux
- Find open ports in Linux
- Close open ports in Linux
- Wrapping Up
How to close ports in Linux?
it show that 23/tcp port is closed. Which of them is true? I want to close this port on my whole system, how can I do it?
they are both true. TCP ports aren’t associated with hosts. they are associated with network interfaces. the difference is subtle but important. interfaces are often the same as hosts, but not always. in this case (as stated in answers) localhost is accessing the lo (loopback) interface. the IP Address is accesing your real interface, probably eth0 or wlan0 or somesuch.
5 Answers 5
Nmap is a great port scanner, but sometimes you want something more authoritative. You can ask the kernel what processes have which ports open by using the netstat utility:
me@myhost:~$ sudo netstat -tlnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1004/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 380/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 822/cupsd tcp6 0 0 . 22 . * LISTEN 380/sshd tcp6 0 0 ::1:631 . * LISTEN 822/cupsd
The options I have given are:
- -t TCP only
- -l Listening ports only
- -n Don’t look up service and host names, just display numbers
- -p Show process information (requires root privilege)
In this case, we can see that sshd is listening on any interface ( 0.0.0.0 ) port 22, and cupsd is listening on loopback ( 127.0.0.1 ) port 631. Your output may show that telnetd has a local address of 192.168.1.1:23 , meaning it will not answer to connections on the loopback adapter (e.g. you can’t telnet 127.0.0.1 ).
There are other tools that will show similar information (e.g. lsof or /proc ), but netstat is the most widely available. It even works on Windows ( netstat -anb ). BSD netstat is a little different: you’ll have to use sockstat(1) to get the process information instead.
Once you have the process ID and program name, you can go about finding the process and killing it if you wish to close the port. For finer-grained control, you can use a firewall (iptables on Linux) to limit access to only certain addresses. You may need to disable a service startup. If the PID is «-» on Linux, it’s probably a kernel process (this is common with NFS for instance), so good luck finding out what it is.
Note: I said «authoritative» because you’re not being hindered by network conditions and firewalls. If you trust your computer, that’s great. However, if you suspect that you’ve been hacked, you may not be able to trust the tools on your computer. Replacing standard utilities (and sometimes even system calls) with ones that hide certain processes or ports (a.k.a. rootkits) is a standard practice among attackers. Your best bet at this point is to make a forensic copy of your disk and restore from backup; then use the copy to determine the way they got in and close it off.
How to Find and Close Open Ports in Linux
Network and Server administration is one of the key areas in which Linux is actually preferred to any other operating system. Hence most data center admins are well versed with the Linux command line.
There can be scenarios when certain ports on a server, which were required to be closed, are open and causing unexpected traffic on the server.
Today, we will learn how to find and close an open port in Linux.
Finding Open Ports in Linux
For finding the open ports, we will make use of the ss command, which is preinstalled in most common Linux distributions and it is now the replacement for the previously very popular netstat command.
Let’s run the ss command with the following syntax, to get all listening TCP sockets:
Here, the ‘t’ stands for TCP and the ‘l’ stands for Listening sockets.
Similarly to get all listening UDP ports, run:
Observe the output. In the ‘State‘ column for UDP, all the ports have state UNCONN, i.e., unconnected. Since we only need the ports which are actively listening, we pipe the output and filter it with the grep command.
We can also combine the TCP and UDP output together.
Another addition that can be done here is: the argument ‘-n’ . In the output above, the command is resolving the name of the service associated with a port: Eg. HTTP, IPP, etc.
With the argument ‘-n’ it just shows the port number which is listening.
Closing Open Ports in Linux
The manual way to close an open port in Linux is quite tedious and programmatic. Hence, we will use the easier approach: to close the processes which are listening on the port.
We need to call ss with another argument, ‘-p’ to list the process which is using each port (run the command as a sudo user).
$ sudo ss -tulnp | grep LISTEN
As shown above, the last column lists the ‘users’, i.e., the processes which use the port number. Now you can close the port by terminating the process using it. For example, to close port 80, we have to stop the process ‘Apache2’.
$ sudo service apache2 stop OR $ sudo systemctl stop apache2
Thus, we have successfully closed port 80 and no process is listening on it any longer.
Conclusion
In this article, we learned how to find and close an open port in Linux. Many ports like 22 (SSH), 21 (Telnet), etc. should be kept closed at most times, as these are the ports from which cyber attacks can arise.
Other ports should also be closed when the process of using them is no longer required. Thanks for reading and let us know your thoughts in the comments below!
How to Open and Close Ports on Linux: A Comprehensive Guide
Learn how to open and close ports on Linux using various commands and tools, including netstat, ss, lsof, iptables, and firewall-cmd. Secure your network with this comprehensive guide.
Linux is a popular operating system that provides users with a powerful command-line interface. One of the most common tasks in Linux is opening and closing ports, which is important for security and network administration. In this blog post, we will discuss how to open and close ports on linux using various commands and tools. We will cover the key points, important points, and helpful points to help you understand the process and avoid common issues.
Finding Open Ports and Listening Sockets
Before opening a new port, it’s important to check for already opened ports or services. You can use the following commands to find open ports and listening sockets:
Using netstat command
The netstat command is a powerful tool that displays active network connections , routing tables, interface statistics, and more. You can use the -t option for TCP and -l for listening sockets with the netstat command. Here’s an example:
This command displays all TCP listening sockets with their respective port numbers. The output will look like this:
Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
Using ss command
The ss command is another tool that displays all listening sockets, including the port number and process name. You can use the following command to display all TCP listening sockets:
The output will look like this:
State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 128 . 80 . *
Using lsof command
The lsof command shows all open files, including network sockets. You can use the following command to check open ports in the currently logged-in Linux system:
$ sudo lsof -i -P -n | grep LISTEN
This command displays all open ports with their respective process names. The output will look like this:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 1693 root 3u IPv4 27902 0t0 TCP *:22 (LISTEN) sshd 1693 root 4u IPv6 27904 0t0 TCP *:22 (LISTEN)
Closing a Port by Stopping the Service
To close a port, you need to find the service name and stop the service. You can use the following command to find the service name:
Once you have identified the service name, you can stop it using the following command:
For example, to stop the SSH service, you can use the following command:
How to locate and close an open port in Linux
Web With just a few tools, Jack Wallen shows you how to locate and close open ports in Linux like a network admin pro. Watch more How To videos: …
Using iptables Command to Open or Close a Port
iptables is a powerful tool that allows you to manage firewall rules on Linux. You can use the iptables command to open or close a port by specifying the port number and protocol. Here’s how you can open a port using iptables :
$ sudo iptables -A INPUT -p --dport -j ACCEPT
For example, to open TCP port 80, you can use the following command:
$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
To close a port using iptables , you can ignore any traffic to it, or block traffic to the port with the DROP command. Here’s how you can close a port using iptables :
$ sudo iptables -A INPUT -p --dport -j DROP
For example, to close TCP port 80, you can use the following command:
$ sudo iptables -A INPUT -p tcp --dport 80 -j DROP
Using firewall-cmd Command to Open or Close a Port
firewall-cmd is another tool that allows you to manage firewall rules on Linux. You can use the firewall-cmd command to open or close a port by service name or IP address. Here’s how you can open a port using firewall-cmd :
$ sudo firewall-cmd --zone=public --add-port=/ --permanent $ sudo firewall-cmd --reload
For example, to open TCP port 80, you can use the following commands:
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent $ sudo firewall-cmd --reload
To close a port using firewall-cmd , you can use the following command:
$ sudo firewall-cmd --zone=public --remove-port=/ --permanent $ sudo firewall-cmd --reload
For example, to close TCP port 80, you can use the following commands:
$ sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent $ sudo firewall-cmd --reload
Troubleshooting Open Port Issues
If you’re having issues with open ports, the following tips can help you troubleshoot:
- Check for conflicts with other services or applications running on the same port.
- Review log files for errors or warnings related to the open port.
- Test connectivity by trying to connect to the open port from another machine.
Other simple code examples for opening and closing ports in Linux
Conclusion
opening and closing ports on linux is an essential task for security and network administration. Different commands and tools can be used to achieve this task, including netstat , ss , lsof , iptables , and firewall-cmd . By following the key points, important points, and helpful points discussed in this blog post, you can successfully open and close ports on Linux, troubleshoot common issues, and secure your network.
Frequently Asked Questions — FAQs
What is the importance of opening and closing ports on Linux?
Opening and closing ports on Linux is important for security and network administration. It allows you to control network traffic and manage incoming and outgoing data.
What are the common issues encountered when opening or closing ports on Linux?
How can I find open ports and listening sockets on Linux?
You can use the ‘t’ option for TCP and ‘l’ for listening sockets with the netstat command or use the ss command to display all listening sockets.
How to Find Open Ports and Close Them in Linux
Troubleshooting networks? Here’s how to find the open ports and close those open ports in the Linux command line.
So you are dealing with a critical server where you have to maintain security at any cost. And closing ports to block unwanted traffic is the first step you’d take.
Find open ports in Linux
In this tutorial, I am going to use the ss command to find open ports.
You can use the -l option with the ss command to get listening ports. But to be more specific, I’m going with -lt to get listening TCP ports:
Similarly, if you want to have a list of both TCP and UDP in the listening state, you can use the given command:
And to get the listening port of each service, you can use -n and for more fine-tuned results, you can always use the grep command:
Enough of finding open ports, let’s jump to how you can close them.
Close open ports in Linux
To close the port, first, you will need to stop the service and to find the service name, you can use the same ss command with -p option:
sudo ss -tulnp | grep LISTEN
As you can see, the NGINX is utilizing port number 80. So let’s stop it using the given command:
sudo systemctl stop nginx
As it will enable itself on every boot and you can alter this behavior using the given command:
sudo systemctl disable nginx
For better results, I would recommend changing firewall rules.
Here, I’m going to block port no 80 (used by NGINX) in UFW (which is pre-installed in Ubuntu).
First, let’s check the status of UFW:
And if it shows inactive , you can use the given command to enable it:
Now, you just have to pair the deny option with the port number :
Wrapping Up
This was my take on how you can find and close open ports in Linux. I hope you will find this helpful.
And if you have any queries, let me know in the comments.