Linux iptables open all ports

How to open a Specific Port in IPtables Firewall on a Linux server

Iptables is a firewall installed by default on all linux distributions to drop unwanted traffic/access to the server. Iptables interact with ‘netfilter’ packet filtering framework.

Using Iptables command you can add, edit and delete firewall filter rules. You must have server root access to make changes in Iptables firewall.

IMPORTANT: Be careful when you execute Iptables firewall commands on server backend because some commands might lock you out from the server. Before running the iptables command, you must double check the command and also you must know what all changes the rules will do on the server.

How to Open an incoming port in IPtables

2. Run the below command to open incoming port

iptables -A INPUT -p tcp –dport portnumber -j ACCEPT

In the above command “portnumber” should be replaced with the incoming port number you wish to open

INPUT = INPUT means incoming traffic to the server. (The server port can be accessed from outside the server). An example is given below

3. Run the command “service iptables save” to save the firewall rules

root@server1 [~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

iptables -A INPUT -i eth0 -p tcp –dport 80 -j ACCEPT

-i = Interface name (Example : eth0, eth1, venet0 etc)

-p = Protocol (example : tcp, udp etc)

How to Open an Outgoing Port in Iptables firewall

2. Run the below command to open outgoing port

iptables -A OUTPUT -p tcp –dport portnumber -j ACCEPT

“portnumber” in the above command should be replaced with the actual outgoing port number you wish to open.

OUTPUT = OUTPUT means outgoing traffic from the server. (From server to outside)

An example is given below :

3. Do not forget to save the IP tables rules : “service iptables save”

You must save the iptables rules after making any changes in iptables firewall. Rules will be removed if it is not saved.

Command to save the firewall rules : “service iptables save”

root@server [~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

Читайте также:  Установка в linux bundle

On the above server you can see that firewall rules are saved to file “/etc/sysconfig/iptables”. Open the file /etc/sysconfig/iptables using vi editor and you can see all the rules on the server, including the rules you have added.

On ubuntu servers “service iptables save” command will not work so you must use the command “iptables-save”

“iptables -nL | grep 3032” will show the above rule you have added on the server.

Источник

How to Open port IPTables – Close port IPtables

Open and Close Ports using IPTables – Open a port in IPtables

IPtables is the default firewall used on CentOS and RHEL systems. On most F2H services like NVMe VPS Servers or Dedicated Servers, you will find the firewall is active but all ports are open. We do this to ensure all users can connect to services they may install like cPanel or Plesk. So, If you want to close ports on your server or even open port IPtables if you have a pre-configured firewall you can use the rules below to open and close ports on your firewall.

But, if you use CentOS 7 or above it’s likely you are using FirewallD and not IPtables. We have written a guide on how to open ports and close ports when using FirewallD

List Current Firewall Rules

This command lists all the current firewall rules loaded into IPtables.

Open port IPtables

You can open port centOS servers by adding a new rule to IPtables. You should restart IPtables after adding rules.

iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT service iptables save

Therefore, this command opens port 80 in IPtables, to open different ports Just swap the 80 for the port number you wish to open. Run the service iptables save command to save the rules to your firewall configuration.

Close port IPtables

iptables -I INPUT -p tcp -m tcp --dport 80 -j REJECT service iptables save

So, this command would close port 80 in IPtables and no one would be able to connect via that port. Just swap the 80 for your required port number then run the service iptables save command to save this to your IPtables configuration. You can also use the DROP command instead of REJECT.

If you use a CentOS 7 or CentOS 8 server you likely use FirewallD and not IPtables. See the How to open ports and close ports in FirewallD

Always deploy a firewall to your server. See our firewall guide How to install CSF to your Server

Join The Discussion.

[Search Terms: iptables open port, iptables close port]

How was this article? – Open and Close Ports using IPTables

Источник

How to Open a Port in Linux

The port number is a virtual concept in computer networking that provides a network identifier for a service or application. The number is a 16-bit integer from 0 to 65535 that combines with the IP address to create a network communication socket.

Читайте также:  Удаление ненужных пакетов astra linux

This article shows how to open a port in Linux and use Linux networking tools to list and test open ports.

How to open a port in Linux.

Listing Open Ports

Before opening a port on a system, check if the port you need is already open. The simplest way to do this is to pipe the output of the netstat command to the grep command.

netstat -na | grep :[port-number]

The syntax above tells grep to look for a specific port number in the port list provided by netstat . For example, to check if port 8080 is available on the system, type:

If the port is closed, the command returns no output.

Alternatively, use the following netstat command to display a list of listening ports:

The -l option looks for the listening ports, -n provides numerical port values, while -t and -u stand for TCP and UDP, respectively.

Listing open ports in Linux.

Note: For more details on netstat syntax, read Netstat Command in Linux — 28 Commands with Examples.

Opening a Port in Linux

The correct procedure for opening a port depends on the Linux distribution and the firewall you are using. The following sections provide steps for the three most common scenarios:

  • The UFW firewall on Ubuntu-based distributions.
  • firewalld on CentOS and other RHEL-based distributions.
  • The iptables utility for the systems without UFW and Firewalld.

Note: Learn how to use GUFW, a GUI for UFW.

Ubuntu and UFW Based Systems

UFW (Uncomplicated Firewall) for Ubuntu allows you to open a port with a single command:

sudo ufw allow [port-number]

The output confirms when you add IPv4 and IPv6 rules.

Opening a port in Ubuntu with UFW.

Alternatively, open the port used by a specific service without stating the port number:

sudo ufw allow [service-name]

Note: After you finish creating the rules, ensure UFW is active on your system by typing:

CentOS and Other Systems with firewalld

The firewalld tool on CentOS, Fedora, and other related distributions, enables users to control port access on their system. The following command opens a specific port:

sudo firewall-cmd --zone=public --add-port=[port-number]/[protocol] --permanent

The —permanent option ensures that the rules persist after the system reboot.

Opening a port on RHEL based systems with firewalld.

Note: The —zone=public argument is necessary only in multi-zone system configurations. By default, firewalld assigns all interfaces to the public zone.

Linux Distributions without UFW or firewalld

While installing a full-fledged firewall is the recommended way of maintaining system security, some Linux distributions still use the legacy iptables solution. The iptables utility allows configuring rules to filter IP packets using the Linux kernel firewall.

Use the following command to create an iptables rule for opening a port:

sudo iptables -A INPUT -p [protocol] --dport [port] -j ACCEPT

The command creates an IPv4 rule. To create an IPv6 rule, use the ip6tables command:

sudo ip6tables -A INPUT -p [protocol] --dport [port] -j ACCEPT

The port number is specified with the —dport option. The -p flag allows you to define the protocol ( tcp or udp ). For example, to create an IPv4 rule for the TCP port 8080 , type:

sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

Make iptables Rules Persist on Debian-Based Systems

The rules created using iptables do not persist after reboots.

Читайте также:  Linux get last line

Follow the steps to restore iptables rules after a reboot on Debian-based systems:

1. Save the IPv4 rules you created:

iptables-save > /etc/iptables/rules.v4

2. Store any IPv6 rules in a separate file:

ip6tables-save > /etc/iptables/rules.v6

3. Install the iptables-persistent package:

sudo apt install iptables-persistent

This package automatically reloads the contents of the rules.v4 and rules.v6 files when the system restarts.

Install the iptables-persistent package.

Make iptables Rules Persist on RHEL-Based Systems

RHEL-based systems store the iptables configuration in a different location.

1. Type the commands below to save the IPv4 and IPv6 rules, respectively:

iptables-save > /etc/sysconfig/iptables
ip6tables-save > /etc/sysconfig/ip6tables

2. Ensure the iptables-services package is installed:

sudo dnf install iptables-services
sudo systemctl start iptables
sudo systemctl enable iptables
sudo service iptables save

Saving the iptables configuration.

6. Restart the service to enforce the rule:

sudo systemctl restart iptables

Testing Open Ports

After using any of the methods above to open a port in Linux, ensure that the process is successful. The following methods are simple ways to check the open ports on a system.

View the listening ports with the netstat command:

Viewing open ports with the netstat command.

The output above shows the port 8080 we opened previously.

List the open sockets with the ss command:

The port appears as part of the socket.

Viewing open ports with the ss command.

Note: To understand the function of sockets in Linux, refer to How Linux Uses Sockets.

Test the port by specifying its number to the nmap command.

Using the nmap command to see port status in linux.

Test the Port with the Netcat Utility

The Netcat tool features the nc command that you can use to test an open port. To do so:

1. Use a command such as echo to pipe output to Netcat and specify the port to listen to. The example below pipes a message to test port 8080 :

echo "Testing port 8080" | nc -l -p 8080

2. Leave the command running and open another terminal window.

3. In that terminal window, use a command such as telnet to query the local socket.

If the port is open, the output of the telnet command contains the message piped to nc in step 1.

Using the telnet command to probe a port in Linux.

Note: Learn how to check for open ports in Linux.

This article provided instructions on opening and testing a port in Linux. Opening a port can be helpful for various reasons, such as allowing incoming traffic to access a specific service or application on your system.

Источник

Оцените статью
Adblock
detector