How to Open Port in Linux
TecAdmin, Fri, 06 Jan 2023
https://tecadmin.net/how-to-open-port-in-linux/

In a Linux operating system, a port is a communication endpoint for either sending or receiving data over a network. Network ports are identified by a number, and each port number is associated with a specific type of network service. For example, port 80 is used for HTTP traffic, port 21 is used for FTP, and port 25 is used for email.

To accept network connections for a service, you need to open its port on your Linux system. There are several ways to do this, using the firewall tools FirewallD, UFW, and iptables. Each has its own advantages and disadvantages, and this article shows how to open a port in Linux with each of them.

Check Listening Ports on Your System

You can use the `ss` or `netstat` command-line utility to list all the ports listening on your local system.

ss -tuln 

This command lists all the ports listening on your machine, along with the local address each socket is bound to. You can filter the output down to sockets in the LISTEN state with the following command.

ss -tuln | grep "LISTEN" 

You will see output like below:

Output
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 5 [::1]:631 [::]:*
tcp LISTEN 0 100 [::]:25 [::]:*
tcp LISTEN 0 511 *:443 *:*
tcp LISTEN 0 70 *:33060 *:*
tcp LISTEN 0 151 *:3306 *:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 128 [::]:22 [::]:*
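
Before opening a port, it helps to know which listeners are reachable from the network at all: a service bound only to 127.0.0.1 or [::1] stays unreachable whatever the firewall allows. The script below is an added example, not part of the original article; the helper name `listener_scope` is hypothetical and the sample is the output shown above.

```shell
#!/bin/sh
# Added example. SAMPLE is the `ss -tuln | grep LISTEN` output shown above,
# embedded so the script runs offline.
SAMPLE='tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
tcp LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 5 [::1]:631 [::]:*
tcp LISTEN 0 100 [::]:25 [::]:*
tcp LISTEN 0 511 *:443 *:*
tcp LISTEN 0 70 *:33060 *:*
tcp LISTEN 0 151 *:3306 *:*
tcp LISTEN 0 511 *:80 *:*
tcp LISTEN 0 128 [::]:22 [::]:*'

# listener_scope (hypothetical helper): reads ss output on stdin and prints
# "<port> <scope>" for each listening TCP port, sorted by port number.
# A port is "loopback" only if every socket on it is bound to a loopback address.
listener_scope() {
  awk '$2 == "LISTEN" {
         port = $5; sub(/.*:/, "", port)       # text after the last colon
         addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
         if (addr ~ /^127\./ || addr == "[::1]") {
           if (!(port in scope)) scope[port] = "loopback"
         } else {
           scope[port] = "exposed"             # wildcard or routable address
         }
       }
       END { for (p in scope) print p, scope[p] }' | sort -n
}

printf '%s\n' "$SAMPLE" | listener_scope
# On a live host: ss -tuln | listener_scope
```

Ports reported as loopback (631 and 53 in this sample) gain nothing from a firewall rule; ports reported as exposed are the ones a firewall rule actually governs.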

Opening a Port with FirewallD:

FirewallD is a firewall management tool that is included in many popular Linux distributions, including CentOS, Fedora, and Red Hat Enterprise Linux. It provides a simple and easy-to-use interface for configuring the firewall rules on your system.

  • List Services: To open a port with FirewallD, you first need to check if the service you want to allow is listed in the predefined service list. You can do this by running the following command:
    firewall-cmd --get-services 
    

    This will display a list of all the predefined services that are supported by FirewallD.

  • Open Port by Service Name: If the service you want to allow is listed, you can open the port by running the following command:

    # Syntax
    firewall-cmd --permanent --add-service=service_name

    Replace “service_name” with the name of the service you want to allow. For example, to open port 80 for HTTP traffic, you would run the following command:

    firewall-cmd --permanent --add-service=http 
    
  • Open Port by Number: If the service you want to allow is not listed in the predefined service list, you can open a specific port by running the following command:

    # Syntax
    firewall-cmd --permanent --add-port=port_number/protocol

    Replace “port_number” with the number of the port you want to open, and “protocol” with the protocol used by the service (either “tcp” or “udp”). For example, to open port 8080 for HTTP traffic using the TCP protocol, you would run the following command:

    firewall-cmd --permanent --add-port=8080/tcp 
    

Reload the firewall: The --permanent option writes the rule to the permanent configuration only. Once you have added the necessary firewall rules, you need to reload the firewall to apply the changes. You can do this by running the following command:

firewall-cmd --reload 

Opening a Port with UFW:

UFW (Uncomplicated Firewall) is a firewall management tool that is included in many popular Linux distributions, including Ubuntu and Linux Mint. It provides a simple and easy-to-use interface for configuring the firewall rules on your system.

  • List Services: To open a port with UFW, you first need to check if the service you want to allow is listed in the predefined service list. You can do this by running the following command:
    ufw app list 
    

    This will display a list of all the predefined services that are supported by UFW.

  • Open Port by Service name: If the service you want to allow is listed, you can open the port by running the following command:

    # Syntax
    ufw allow service_name

    Replace “service_name” with the name of the service you want to allow. For example, to open port 80 for HTTP traffic, you would run the following command:

    ufw allow http 
    
  • Open port by number: If the service you want to allow is not listed in the predefined service list, you can open a specific port by running the following command:

    # Syntax
    ufw allow port_number/protocol

    Replace “port_number” with the number of the port you want to open, and “protocol” with the protocol used by the service (either “tcp” or “udp”). For example, to open port 8080 for HTTP traffic using the TCP protocol, you would run the following command:

    ufw allow 8080/tcp 
    
  • Check firewall status: Once you have added the necessary firewall rule, you can check the status of the UFW firewall by running the following command:
    ufw status 
    

    This will display a list of all the active firewall rules, along with their status (either “enabled” or “disabled”).

You can also use the UFW command line interface to enable or disable specific rules, or to delete them altogether.

Opening a Port with Iptables:

Iptables is a powerful firewall management tool that is included in most Linux distributions. It provides a wide range of options for configuring the firewall rules on your system, but it can be more complex to use than FirewallD and UFW.

  • Open Port by Number: To open a port with iptables, you need to use the “iptables” command followed by the appropriate options and arguments. For example, to open port 80 for HTTP traffic using the TCP protocol, you would run the following command:
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT 
    

    This command adds a new firewall rule that allows incoming traffic on port 80 using the TCP protocol. The “-A” option specifies that the rule should be appended to the end of the INPUT chain, and the “-j” option specifies the action to be taken (in this case, ACCEPT).

  • Open Port Range: If you want to open a range of ports, you can use the “-m multiport” module and specify the range as the first and last port separated by a colon. For example, to open ports 80 to 90 for HTTP traffic using the TCP protocol, you would run the following command:
    iptables -A INPUT -p tcp -m multiport --dports 80:90 -j ACCEPT 
    
  • Save firewall rules: Once you have added the necessary firewall rule, you can save the iptables configuration by running the following command:
    service iptables save 
    

    This will save the current firewall configuration to the appropriate configuration file so that the rules are applied every time the system is restarted.
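
Because “-A” appends to the end of the chain and iptables stops at the first rule that matches, an ACCEPT appended after an unconditional DROP or REJECT rule never matches. The check below is an added example, not part of the original article; the helper names `shadowed_accepts` and `catch_all_position` are hypothetical and the ruleset is constructed.

```shell
#!/bin/sh
# Constructed `iptables -S INPUT` output: a chain that already ended in a
# catch-all REJECT before the port 80 rule was appended with -A.
RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# shadowed_accepts (hypothetical helper): prints every ACCEPT rule that sits
# after an unconditional DROP/REJECT in the INPUT chain and so can never match.
shadowed_accepts() {
  awk '$1 == "-A" && $2 == "INPUT" {
         if (blocked && $0 ~ / -j ACCEPT( |$)/) print
         # A rule whose first option is the target has no match criteria.
         if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) blocked = 1
       }'
}

# catch_all_position (hypothetical helper): 1-based rule number of the first
# unconditional DROP/REJECT; prints nothing if the chain has none.
catch_all_position() {
  awk '$1 == "-A" && $2 == "INPUT" {
         n++
         if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { print n; exit }
       }'
}

echo "ACCEPT rules that can never match:"
printf '%s\n' "$RULES" | shadowed_accepts
echo "First catch-all rule is at position: $(printf '%s\n' "$RULES" | catch_all_position)"
```

On a live host, pipe `iptables -S INPUT` into both functions. Inserting the rule at the reported position with `-I INPUT <position>` places it ahead of the catch-all instead of behind it.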

Conclusion

In this article, we explored three different tools that can be used to open a port in Linux: FirewallD, UFW, and iptables. FirewallD is a firewall management tool that provides a front-end interface for iptables. It is a user-friendly tool that allows you to easily manage your firewall rules. UFW is another user-friendly firewall tool that allows you to easily open and close ports. Finally, we looked at iptables, which is a more advanced tool that gives you greater control over your firewall. All three of these tools can be used to open a port in Linux and allow network traffic to flow through to specific programs or services. In conclusion, the choice of which tool to use will depend on your level of familiarity with Linux firewalls and your personal preference.

How To Setup A Firewall with UFW on Ubuntu & Debian
TecAdmin, Tue, 08 Sep 2015
https://tecadmin.net/setup-ufw-for-firewall-on-ubuntu-and-debian/

UFW (Uncomplicated Firewall) is a frontend command-line utility for managing iptables rules on a Linux system. It provides a user-friendly, easy-to-manage console command as well as a GUI for desktop systems. It is designed to make a firewall easy to manage even for users who do not know much about firewalls. UFW aims to provide easy (uncomplicated) commands for users, although GUIs are also available.

This tutorial will help you to set up a firewall with UFW on Ubuntu and Debian Linux systems. Let’s begin with the installation of UFW on your system.

How to Install UFW Firewall

Ubuntu and other Debian-based systems ship with UFW installed by default. In case it is not installed, run the following commands to install UFW. If it’s already installed, they will upgrade UFW to the latest version.

Open a terminal and type:

sudo apt update 
sudo apt install ufw 

This will install or update UFW firewall packages on your Ubuntu, Debian, or Arch Linux systems.

How to Enable/Disable UFW Firewall

By default, UFW is in an inactive state on most Debian systems. Use the following command to enable UFW:

Enable UFW

sudo ufw enable 

To disable the UFW, you can use the following command.

Disable UFW

sudo ufw disable 

Check UFW Status

Now make sure UFW is in an active state by executing the following command.

sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

Enable/Disable IPv6

You might be required to use IPv6 with your firewall. Disable IPv6 support if your system is not configured to use IPv6. To do so, edit /etc/default/ufw and set IPV6 to “yes” or “no”.

IPV6=no

After making changes, disable and then enable the firewall to apply them.

sudo ufw disable && sudo ufw enable 

Allow Connections with UFW

Here are some examples of allowing specific ports with the UFW command.

  • Allow Specific Ports – To allow single ports, for example ports 21 (FTP), 80 (HTTP) and 443 (HTTPS), use the following commands.
    sudo ufw allow 21/tcp 
    sudo ufw allow 80/tcp 
    sudo ufw allow 443/tcp 
    
  • Allow Specific Services – UFW uses the /etc/services file to look up the port of a service, so we can allow a service by name instead of specifying its port, for example ftp (21) or http (80).
    sudo ufw allow ftp/tcp 
    sudo ufw allow http/tcp 
    sudo ufw allow https/tcp 
    
  • Allow Port Range – We can also allow a range of ports in a single command:
    sudo ufw allow 1100-1200/tcp 
    
  • Allow Access to Specific IP – To allow connections from a specific IP address, use the following command.
    sudo ufw allow from 192.168.1.100 
    
  • Allow Access to Subnet – To allow connections from any IP address in a subnet, use the following command.
    sudo ufw allow from 192.168.1.0/24 
    
  • Allow IP to Specific Port – To allow connections from a specific IP address to a specific port, use the following command.
    sudo ufw allow from 192.168.1.100 to any port 22 
    

Deny Rules with UFW

  • Deny Specific Ports – To deny single ports, for example ports 21 (FTP), 80 (HTTP) and 443 (HTTPS), use the following commands.
    sudo ufw deny 21/tcp 
    sudo ufw deny 80/tcp 
    sudo ufw deny 443/tcp 
    
  • Deny Port Range – We can also deny a range of ports in a single command:
    sudo ufw deny 1100-1200/tcp 
    
  • Deny Access to Specific IP – To deny connections from a specific IP address, use the following command.
    sudo ufw deny from 192.168.1.100 
    
  • Deny Access to Subnet – To deny connections from any IP address in a subnet, use the following command.
    sudo ufw deny from 192.168.1.0/24 
    
  • Deny IP to Specific Port – To deny connections from a specific IP address to a specific port, use the following command.
    sudo ufw deny from 192.168.1.100 to any port 22 
    

Enable or Disable Logging

UFW creates logs for all filtered connections in the /var/log/ufw.log file, which can be helpful for troubleshooting. Use the commands below to enable or disable logging.

Enable logging:

sudo ufw logging on 

Disable logging:

sudo ufw logging off 
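
With logging on, blocked packets appear in /var/log/ufw.log as kernel lines tagged [UFW BLOCK]. The summary script below is an added example, not part of the original article; the helper name `blocked_summary` is hypothetical, and the log lines are constructed and abbreviated, using documentation address ranges.

```shell
#!/bin/sh
# Constructed, abbreviated ufw.log lines (documentation address ranges).
SAMPLE_LOG='Jan  6 12:00:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Jan  6 12:00:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51240 DPT=22 SYN
Jan  6 12:00:07 web1 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=192.168.1.100 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40022 DPT=22 SYN
Jan  6 12:01:15 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=33012 DPT=3306 SYN
Jan  6 12:01:16 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51251 DPT=22 SYN'

# blocked_summary (hypothetical helper): reads ufw log lines on stdin and
# prints "<count> <source IP> <dest port>/<protocol>" for blocked packets,
# most frequent first. Lines without [UFW BLOCK] are ignored.
blocked_summary() {
  awk '/\[UFW BLOCK\]/ {
         src = dpt = proto = "-"
         for (i = 1; i <= NF; i++) {
           if ($i ~ /^SRC=/)   src   = substr($i, 5)
           if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
           if ($i ~ /^PROTO=/) proto = substr($i, 7)
         }
         n[src " " dpt "/" proto]++
       }
       END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

printf '%s\n' "$SAMPLE_LOG" | blocked_summary
# On a live host: sudo cat /var/log/ufw.log | blocked_summary
```

A source that repeatedly hits a denied port, such as port 22 in this sample, stands out at the top of the list.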

Reference: https://wiki.ubuntu.com/UncomplicatedFirewall
