- How Can I Open Ports on Ubuntu
- How Can I Open Some Ports on Ubuntu
- How to Open Port on Ubuntu
- How to Close Ports on Ubuntu
- Conclusions
- About the author
- Zahra Zamir
- How to Open a Port in Linux
- Listing Open Ports
- Opening a Port in Linux
- Ubuntu and UFW Based Systems
- CentOS and Other Systems with firewalld
- Linux Distributions without UFW or firewalld
- Make iptables Rules Persist on Debian-Based Systems
- Make iptables Rules Persist on RHEL-Based Systems
- Testing Open Ports
- Test the Port with the Netcat Utility
How Can I Open Ports on Ubuntu
Open ports are ports that allow traffic from a service or applications to run on it. Opening ports are important if you want a certain service to run on your system. In most systems such as Ubuntu ports are closed by default for security purposes but they can be opened easily.
In this writeup, we have shown how to open ports in Ubuntu.
How Can I Open Some Ports on Ubuntu
To open ports on Ubuntu, we will use an uncomplicated firewall (UFW), which is an Uncomplicated Firewall tool that provides proxy settings in different systems. Many Linux systems come with the pre-installed firewall but in case of Ubuntu it will be required to install.
You can install UFW on Ubuntu from the repository using the apt command and for that, it’s mandatory to update/upgrade the repository first using the below-mentioned commands:
Then install UFW by using the below-mentioned command:
Once the UFW is installed, enable it on your Ubuntu system by using the below-mentioned command:
How to Open Port on Ubuntu
Once the UFW is enabled, you can open ports using the below-mentioned command:
For example, to open SSH port which is 22 by default, you can use 22 with the ufw command as shown below:
By using UFW, the traffic to the port can also be controlled and for that the user just has to specify the port along with the protocol name they want the traffic:
In the stated example, I have allowed the tcp protocol traffic to port 80.
Similarly, the below-written example allows the udp traffic to port 1025:
The traffic from a specific IP address can also be allowed to a port by following the below-mentioned command:
To check the status of the ports, you can follow the below-mentioned command to verify that ports are opened successfully:
How to Close Ports on Ubuntu
If you have previously opened a port and now you feel the need to block it then you can use the below-mentioned command:
Just like opening port command, you can also block the ports with either their name or service name:
Blocking ports by using port number:
Then verify by using the below-mentioned status command:
That’s all for the process, but remember that while using UFW to open ports, ensure that the service you are interested in the opening should be active.
Conclusions
To open ports in Ubuntu, the users have to install UFW from the apt command and then enable its service on the system. After that, they can use the UFW command to open ports with port numbers and allow the desired protocol traffic to it. They can also check the status of opened and blocked ports using the ufw status command.
About the author
Zahra Zamir
An Electronics graduate who loves to learn and share the knowledge, my passion for my field has helped me grasp complex electronics concepts and now I am here to share them with others.
How to Open a Port in Linux
The port number is a virtual concept in computer networking that provides a network identifier for a service or application. The number is a 16-bit integer from 0 to 65535 that combines with the IP address to create a network communication socket.
This article shows how to open a port in Linux and use Linux networking tools to list and test open ports.
Listing Open Ports
Before opening a port on a system, check if the port you need is already open. The simplest way to do this is to pipe the output of the netstat command to the grep command.
netstat -na | grep :[port-number]
The syntax above tells grep to look for a specific port number in the port list provided by netstat . For example, to check if port 8080 is available on the system, type:
If the port is closed, the command returns no output.
Alternatively, use the following netstat command to display a list of listening ports:
The -l option looks for the listening ports, -n provides numerical port values, while -t and -u stand for TCP and UDP, respectively.
Note: For more details on netstat syntax, read Netstat Command in Linux — 28 Commands with Examples.
Opening a Port in Linux
The correct procedure for opening a port depends on the Linux distribution and the firewall you are using. The following sections provide steps for the three most common scenarios:
- The UFW firewall on Ubuntu-based distributions.
- firewalld on CentOS and other RHEL-based distributions.
- The iptables utility for the systems without UFW and Firewalld.
Note: Learn how to use GUFW, a GUI for UFW.
Ubuntu and UFW Based Systems
UFW (Uncomplicated Firewall) for Ubuntu allows you to open a port with a single command:
sudo ufw allow [port-number]
The output confirms when you add IPv4 and IPv6 rules.
Alternatively, open the port used by a specific service without stating the port number:
sudo ufw allow [service-name]
Note: After you finish creating the rules, ensure UFW is active on your system by typing:
CentOS and Other Systems with firewalld
The firewalld tool on CentOS, Fedora, and other related distributions, enables users to control port access on their system. The following command opens a specific port:
sudo firewall-cmd --zone=public --add-port=[port-number]/[protocol] --permanent
The —permanent option ensures that the rules persist after the system reboot.
Note: The —zone=public argument is necessary only in multi-zone system configurations. By default, firewalld assigns all interfaces to the public zone.
Linux Distributions without UFW or firewalld
While installing a full-fledged firewall is the recommended way of maintaining system security, some Linux distributions still use the legacy iptables solution. The iptables utility allows configuring rules to filter IP packets using the Linux kernel firewall.
Use the following command to create an iptables rule for opening a port:
sudo iptables -A INPUT -p [protocol] --dport [port] -j ACCEPT
The command creates an IPv4 rule. To create an IPv6 rule, use the ip6tables command:
sudo ip6tables -A INPUT -p [protocol] --dport [port] -j ACCEPT
The port number is specified with the —dport option. The -p flag allows you to define the protocol ( tcp or udp ). For example, to create an IPv4 rule for the TCP port 8080 , type:
sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
Make iptables Rules Persist on Debian-Based Systems
The rules created using iptables do not persist after reboots.
Follow the steps to restore iptables rules after a reboot on Debian-based systems:
1. Save the IPv4 rules you created:
iptables-save > /etc/iptables/rules.v4
2. Store any IPv6 rules in a separate file:
ip6tables-save > /etc/iptables/rules.v6
3. Install the iptables-persistent package:
sudo apt install iptables-persistent
This package automatically reloads the contents of the rules.v4 and rules.v6 files when the system restarts.
Make iptables Rules Persist on RHEL-Based Systems
RHEL-based systems store the iptables configuration in a different location.
1. Type the commands below to save the IPv4 and IPv6 rules, respectively:
iptables-save > /etc/sysconfig/iptables
ip6tables-save > /etc/sysconfig/ip6tables
2. Ensure the iptables-services package is installed:
sudo dnf install iptables-services
sudo systemctl start iptables
sudo systemctl enable iptables
sudo service iptables save
6. Restart the service to enforce the rule:
sudo systemctl restart iptables
Testing Open Ports
After using any of the methods above to open a port in Linux, ensure that the process is successful. The following methods are simple ways to check the open ports on a system.
View the listening ports with the netstat command:
The output above shows the port 8080 we opened previously.
List the open sockets with the ss command:
The port appears as part of the socket.
Note: To understand the function of sockets in Linux, refer to How Linux Uses Sockets.
Test the port by specifying its number to the nmap command.
Test the Port with the Netcat Utility
The Netcat tool features the nc command that you can use to test an open port. To do so:
1. Use a command such as echo to pipe output to Netcat and specify the port to listen to. The example below pipes a message to test port 8080 :
echo "Testing port 8080" | nc -l -p 8080
2. Leave the command running and open another terminal window.
3. In that terminal window, use a command such as telnet to query the local socket.
If the port is open, the output of the telnet command contains the message piped to nc in step 1.
Note: Learn how to check for open ports in Linux.
This article provided instructions on opening and testing a port in Linux. Opening a port can be helpful for various reasons, such as allowing incoming traffic to access a specific service or application on your system.