The INPUT chain handles inbound connections to the host system. The FORWARD chain is used for routing. The OUTPUT chain is used for outbound data leaving the host system. Each chain has a policy that determines what happens to packets. When you open a port, you’ll need to specify the chain. For example, to open incoming SSH connections, you’d use the INPUT chain.
If you’re opening an outbound port, replace INPUT with OUTPUT. If opening a UDP port, replace tcp with udp. To only open the port to a particular IP address or subnet, use sudo iptables -I INPUT -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 22 -j ACCEPT
sudo /sbin/iptables-save for Ubuntu and Debian. /sbin/service iptables save for CentOS, Red Hat, and Fedora. To close a port, use iptables -I INPUT -p tcp --dport 22 -j REJECT. Replace “22” with the port you want to close—and definitely don’t close port 22 if you’re currently SSH’d into the server!
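The following shell script is an added example (not code from the original article): it builds the iptables command described above after validating the chain, protocol, port and source, and it refuses to emit an INPUT REJECT or DROP rule for the port that carries the current SSH session, which it reads from the SSH_CONNECTION variable that sshd sets. The function names are my own; nothing here runs iptables, the command is only printed for review.

```shell
# Added example, not from the original article: builds the iptables command the
# article describes after validating chain, protocol, port and source, and refuses
# to emit an INPUT REJECT/DROP rule for the port carrying the current SSH session
# (read from SSH_CONNECTION). Nothing here runs iptables; the command is printed.

# valid_port PORT -> 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR[/PREFIX] -> 0 if ADDR is a dotted quad and PREFIX (if any) is 0..32
valid_ipv4() {
    addr=${1%%/*}; prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/": a single host address
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

ssh_session_port() {
    set -- ${SSH_CONNECTION:-}                 # "client_ip client_port server_ip server_port"
    [ $# -eq 4 ] && printf '%s\n' "$4"
}

# build_rule CHAIN PROTO PORT TARGET [SOURCE]
# prints e.g. "iptables -I INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT"
build_rule() {
    chain=$1; proto=$2; port=$3; target=$4; src=${5:-}
    case "$chain" in INPUT|OUTPUT|FORWARD) ;; *) echo "bad chain: $chain" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$target" in ACCEPT|DROP|REJECT) ;; *) echo "bad target: $target" >&2; return 1 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    if [ "$chain" = INPUT ] && [ "$target" != ACCEPT ] && [ "$port" = "$(ssh_session_port)" ]; then
        echo "refusing: port $port carries the SSH session you are working from" >&2
        return 1
    fi
    src_arg=
    if [ -n "$src" ]; then
        valid_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
        src_arg=" -s $src"
    fi
    printf 'iptables -I %s%s -p %s -m %s --dport %s -j %s\n' "$chain" "$src_arg" "$proto" "$proto" "$port" "$target"
}
```

Pipe the printed command into a root shell only once you have read it; note that iptables-save by itself writes the ruleset to standard output, so it only persists rules when its output is redirected to the file your distribution's persistence package reads.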
If you see a message that says Status: inactive, you’ll need to enable the firewall: Type sudo ufw enable and press Enter to start the firewall. To turn on firewall logging, use sudo ufw logging on.
If the port you’re opening is for a service listed in /etc/services, you can just type the service’s name instead of the port number. Example: sudo ufw allow ssh. To open a specific range of ports, use the syntax sudo ufw allow 6000:6007/tcp, replacing 6000:6007 with the actual range. If the range is UDP ports, replace tcp with udp. To specify an IP address that can access the port, use this syntax: sudo ufw allow from 10.0.0.1 to any port 22. Replace 10.0.0.1 with the IP address, and 22 with the port you want to open to that address. To close a port, use sudo ufw deny 22, replacing 22 with the port you want to close.
Type sudo ufw status numbered and press Enter. This displays a list of all firewall rules, each beginning with a number that represents it in the list. Identify the number at the beginning of the rule you want to delete. For example, let’s say you want to remove the rule that opens port 22 (don’t do this if you’re currently using SSH to access the server), and that rule is listed on line 2. Type sudo ufw delete 2 and press Enter to remove the rule at line 2.
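As an added example (not from the original article), the script below picks the rule numbers out of sudo ufw status numbered output for a given port, and emits the delete commands with the highest number first: ufw renumbers the remaining rules after each deletion, so deleting in ascending order removes the wrong rules. The status text is constructed sample output, and the function names are mine.

```shell
# Added example, not from the original article: find the numbers that
# "ufw status numbered" gives the rules for one port, and emit "ufw delete N"
# commands highest-first, since ufw renumbers remaining rules after each delete.
# SAMPLE_STATUS is constructed sample output in the layout ufw prints.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    10.0.0.1
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# rule_numbers STATUS_TEXT PORTSPEC -> numbers of the rules whose "To" column is
# PORTSPEC (e.g. "22/tcp"), including its (v6) twin, one per line, ascending
rule_numbers() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^\[ *[0-9]+\]/ {
            n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n)     # number inside [ ]
            line = $0; sub(/^\[ *[0-9]+\] */, "", line)
            split(line, f, " ")                                    # f[1] is the To column
            if (f[1] == want) print n
        }'
}

# delete_commands STATUS_TEXT PORTSPEC -> "ufw delete N" lines, highest N first
delete_commands() {
    rule_numbers "$1" "$2" | sort -rn | while read -r n; do
        printf 'ufw delete %s\n' "$n"
    done
}
```

On a live host, feed the real output in with delete_commands "$(sudo ufw status numbered)" 22/tcp and review the list before running anything.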
Alternatively, you can view the entire firewalld configuration and view all allowed and denied ports and services by running sudo firewall-cmd --list-all.
firewall-cmd --zone=public --add-port=22/tcp instantly opens the port, but does not make the change permanent. To make the change permanent, add the --permanent flag to the command: firewall-cmd --zone=public --permanent --add-port=22/tcp. To open a UDP port, replace tcp with udp. To open the port by service name, use firewall-cmd --zone=public --permanent.
To create a new zone, use firewall-cmd --new-zone=MYZONENAME --permanent. Then, run firewall-cmd --reload to refresh your configuration. Run firewall-cmd --get-zones to view your zones—you’ll see your new zone now. To link the IP address to the zone, use firewall-cmd --zone=MYZONENAME --add-source=10.0.0.1 --permanent. Replace the IP address with the proper one. Then, open the port to the zone by specifying the zone name instead of “public”: firewall-cmd --zone=MYZONENAME --permanent --add-port=22/tcp.
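The script below is an added example (not code from the original article or the firewalld project) that runs the zone procedure above end to end: create the zone only if it is missing, bind the source, open the port, reload, and then confirm with --query-port that the runtime configuration really has the port open, since --permanent alone only changes the saved configuration. FWCMD is an assumed hook so the sequence can be exercised against a stand-in command; by default it is the real firewall-cmd, and the function names are mine.

```shell
# Added example, not from the original article: applies the zone steps the article
# describes (--permanent, then --reload) and verifies the live state afterwards.
# FWCMD is an assumed hook for testing; it defaults to the real firewall-cmd.
FWCMD=${FWCMD:-firewall-cmd}

# zone_exists ZONE -> 0 if ZONE is listed by "firewall-cmd --get-zones"
zone_exists() {
    for z in $("$FWCMD" --get-zones); do
        [ "$z" = "$1" ] && return 0
    done
    return 1
}

# open_port_in_zone ZONE PORT/PROTO [SOURCE]
# Creates ZONE if needed, binds SOURCE to it, opens PORT/PROTO permanently,
# reloads, then checks that the runtime configuration has the port open.
open_port_in_zone() {
    zone=$1; port=$2; src=${3:-}
    case "$port" in *[0-9]/tcp|*[0-9]/udp) ;; *) echo "bad port spec: $port" >&2; return 1 ;; esac
    if ! zone_exists "$zone"; then
        "$FWCMD" --permanent --new-zone="$zone" || return 1
        "$FWCMD" --reload || return 1          # a new zone is only usable after reload
    fi
    [ -n "$src" ] && { "$FWCMD" --permanent --zone="$zone" --add-source="$src" || return 1; }
    "$FWCMD" --permanent --zone="$zone" --add-port="$port" || return 1
    "$FWCMD" --reload || return 1              # load the saved config into the runtime
    # --permanent alone does not touch the live ruleset, so check the live view
    if "$FWCMD" --zone="$zone" --query-port="$port" >/dev/null; then
        echo "port $port is open in zone $zone (runtime and permanent)"
    else
        echo "port $port is NOT open in the runtime configuration of zone $zone" >&2
        return 1
    fi
}
```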
To open csf.conf in vim, type vim csf.conf and press Enter.
For example, let’s say you want to open port 999, and the current open ports are 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995. After adding port 999 to the list, it will look like this: 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 999. To get into insertion/typing mode in vim, press the i key on the keyboard.
Press the Esc key. Type :wq!. Press Enter.
To deny a port, re-open the file, delete the port, save the file, and then restart the firewall.
To open conf.apf in vim, you’d type sudo vim /etc/apf/conf.apf and press Enter.
For example, let’s say you want to open port 999, and the current open ports are 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995. After adding port 999 to the IG_TCP_CPORTS list, it will look like this: 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 999. To get into insertion/typing mode in vim, press the i key on the keyboard.
Press the Esc key. Type :wq!. Press Enter.
To deny a port, re-open the file, delete the port, save the file, and then restart the firewall.
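The CSF and APF steps above both come down to adding one port to a quoted, comma-separated list in a config file. The script below is an added example (not from the original article or either project) that does that edit idempotently for any such key: IG_TCP_CPORTS as named in the article for APF, and TCP_IN, which is the key csf.conf uses for inbound TCP ports (an identifier I am supplying, not stated on the page). It leaves every other line untouched and never removes a port, so the firewall can be restarted afterwards with only the intended change. Function names and the sample config lines are mine.

```shell
# Added example, not from the original article: add a port to the quoted,
# comma-separated list on a "KEY = "..."" line (csf TCP_IN, APF IG_TCP_CPORTS),
# idempotently, leaving the rest of the file untouched.

# valid_port PORT -> 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# list_has LIST PORT -> 0 if the comma-separated LIST already contains PORT exactly
list_has() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# list_of KEY FILE -> the quoted list on the first uncommented "KEY = "..."" line
list_of() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# add_port KEY PORT FILE -> rewrites FILE so that KEY's list contains PORT
# Returns 0 on success (also when PORT was already listed), 1 otherwise.
add_port() {
    key=$1; port=$2; file=$3
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    grep -q "^[[:space:]]*$key[[:space:]]*=[[:space:]]*\"" "$file" \
        || { echo "no $key = \"...\" line in $file" >&2; return 1; }
    current=$(list_of "$key" "$file")
    if list_has "$current" "$port"; then
        echo "$key already lists port $port"; return 0
    fi
    new=$current,$port
    [ -n "$current" ] || new=$port               # the list was empty
    tmp=$(mktemp) || return 1
    # replace only the quoted list on the KEY line; every other line is copied as-is
    sed "s/^\([[:space:]]*$key[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$new\"/" "$file" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"                         # keeps the file's owner and mode
    rm -f "$tmp"
    list_has "$(list_of "$key" "$file")" "$port"  # confirm the edit landed
}
```

Run it as add_port TCP_IN 999 /etc/csf/csf.conf or add_port IG_TCP_CPORTS 999 /etc/apf/conf.apf, then restart the firewall as the article describes.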