How To Open Ports On A Linux Server Firewall: 5 Methods - WikiHow

Home » How To Open A Port On Linux » How To Open Ports On A Linux Server Firewall: 5 Methods - WikiHow

Maybe your like

Skip to ContentQuizzes
  • Home
  • Random
  • Browse Articles
  • Quizzes & Games
  • All QuizzesHot
  • Love Quizzes
  • Personality Quizzes
  • Fun Games
  • Dating Simulator
  • Learn Something New
  • Forums
  • Courses
  • Happiness Hub
  • Explore More
  • Support wikiHow
  • About wikiHow
  • Log in / Sign up
Terms of Use wikiHow is where trusted research and expert knowledge come together. Learn why people trust wikiHow How to Open Linux Firewall Ports: Ubuntu, Debian, & More PDF download Download Article Co-authored by Nicole Levine, MFA Reviewed by Luigi Oppido

Last Updated: February 24, 2025 Fact Checked

PDF download Download Article
  • Iptables
    • |
  • Uncomplicated Firewall
    • |
  • Firewalld
    • |
  • ConfigServer Firewall
    • |
  • Advanced Policy Firewall
    • |
  • Video
    • |
  • Tips
|Show more |Show less X

This article was reviewed by Luigi Oppido and by wikiHow staff writer, Nicole Levine, MFA. Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years. There are 11 references cited in this article, which can be found at the bottom of the page. This article has been fact-checked, ensuring the accuracy of any cited facts and confirming the authority of its sources. This article has been viewed 2,050,299 times.

Do you need to allow inbound or outbound connections to your Linux system? If you're using firewall software like Iptables, Uncomplicated Firewall (UFW), or Firewalld, you can easily open ports from the command line. For products like ConfigServer Firewall (CSF) and Advanced Policy Firewall (ADP), adding firewall rules to open ports is as simple as editing your firewall configuration file. This wikiHow article will walk you through opening and closing ports on 5 of the most common firewalls for Ubuntu, Debian, CentOS, Red Hat, Fedora, and other Linux distributions.

Things You Should Know

  • You can easily open TCP and UDP ports in any Linux-based firewall product.
  • Iptables is preinstalled on most Linux distributions and is very easy to configure.
  • If you're using Firewalld, adding the --permanent flag to firewall-cmd commands ensures your changes won't be undone when you stop and restart the firewall.

Steps

Method 1 Method 1 of 5:

Iptables

PDF download Download Article
  1. Step 1 Log in to your Linux server and/or open a Terminal window. 1 Log in to your Linux server and/or open a Terminal window. Most Linux distributions, including Ubuntu, Debian, CentOS, Fedora, and Red Hat, come with IPtables already installed. You can open ports in Iptables using simple commands.
  2. Step 2 Run service iptables status to make sure your firewall is active. 2 Run service iptables status to make sure your firewall is active. If the firewall isn't running, start it using service iptables start.[1] Advertisement
  3. Step 3 Use sudo iptables -L to list the current firewall rules. 3 Use sudo iptables -L to list the current firewall rules. The rules are broken into chains:
    • The INPUT chain for inbound connections to the host system.
    • The FORWARD chain is used for routing.
    • The OUTPUT chain is used for outbound data leaving the host system.
    • Each chain has a policy that determines what happens to packets. When you open a port, you'll need to specify the chain. For example, to open incoming SSH connections, you'd use the INPUT chain.
  4. Step 4 Use sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT to open a port. 4 Use sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT to open a port. In this example, we're opening incoming connections to port 22, but you can replace 22 with the port you want to open.
    • If you're opening an outbound port, replace INPUT with OUTPUT.
    • If opening a UDP port, replace tcp with udp.
    • To only open the port to a particular IP address or subnet, use sudo iptables -I INPUT -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 22 -j ACCEPT
  5. Step 5 Use sudo service iptables save to save your changes. 5 Use sudo service iptables save to save your changes. If that doesn't work, try one of these commands:
    • sudo /sbin/iptables-save for Ubuntu and Debian.
    • /sbin/service iptables save for CentOS, Red Hat, and Fedora.
    • To close a port, use iptables -I INPUT -p tcp –-dport 22 -j REJECT. Replace "22" with the port you want to close—and definitely don't close port 22 if you're currently SSH'd into the server!
    6. Advertisement
Method 2 Method 2 of 5:

Uncomplicated Firewall

PDF download Download Article
  1. Step 1 Log in to your Ubuntu server. 1 Log in to your Ubuntu server. UFW is preinstalled on all Ubuntu systems. If you're logged in to the GUI interface, open a terminal window.[2]
  2. Step 2 Type sudo ufw status verbose and press ↵ Enter. 2 Type sudo ufw status verbose and press Enter. If UFW is already running, you'll see a status message, as well as a list of any firewall rules (including opened ports) that already exist.[3]
    • If you see a message that says Status: inactive, you'll need to enable the firewall:
    • Type sudo ufw enable and press Enter to start the firewall.[4]
    • To turn on firewall logging, use sudo ufw logging on.
  3. Step 3 Use sudo ufw allow [port number] to open a port. 3 Use sudo ufw allow [port number] to open a port. For example, if you want to open the SSH port (22), you'd type kbd and press Enter to open the port. There's no need to restart the firewall, as the change will take effect immediately.[5]
    • If the port you're opening is for a service listed in /etc/services, you can just type the service's name instead of the port number. Example: sudo ufw allow ssh.
    • To open a specific range of ports, use the syntax sudo ufw allow 6000:6007/tcp, replacing 6000:6007 with the actual range. If the range is UDP ports, replace tcp with udp.
    • To specify an IP address that can access the port, use this syntax: sudo ufw allow from 10.0.0.1 to any port 22. Replace 10.0.0.1 with the IP address, and 22 with the port you want to open to that address.
    • To close a port, use sudo ufw deny 22, replacing 22 with the port you want to close.
  4. Step 4 Delete firewall rules that aren't needed. 4 Delete firewall rules that aren't needed. Any ports that aren’t specifically opened are blocked by default. If you open a port and decide you want to close it, use these steps:[6]
    • Type sudo ufw status numbered and press Enter. This displays a list of all firewall rules, each beginning with a number to represent it in the list.
    • Identify the number at the beginning of rule you want to delete. For example, let's say you want to remove the rule that opens port 22 (don't do this if you're currently using SSH to access the server), and that rule is listed on line 2.
    • Type sudo ufw delete 2 and press Enter to remove the rule at line 2.
    5. Advertisement
Method 3 Method 3 of 5:

Firewalld

PDF download Download Article
  1. Step 1 Log in to your server. 1 Log in to your server. If you're using Firewalld on your CentOS, Red Hat Enterprise, SUSE, or Fedora system, you can easily open ports from the command line. Firewalld is the default firewall solution for all of these distributions.[7]
  2. Step 2 Run firewall-cmd --list-ports to view all open ports. 2 Run firewall-cmd --list-ports to view all open ports. The PUBLIC zone is
    • Alternatively, you can view the entire firewalld configuration and view all allowed and denied ports and services by running sudo firewall-cmd --list-all.[8]
  3. Step 3 Use the firewall-cmd command to open a port. 3 Use the firewall-cmd command to open a port. In this example, we'll show you how to open the SSH port (22) to remote access:
    • firewall-cmd --zone=public --add-port=22/tcp instantly opens the port, but does not make the change permanent.
    • To make the change permanent, add the --permanent flag to the command: firewall-cmd --zone=public --permanent --add-port=22/tcp.[9]
    • To open a UDP port, replace tcp with udp.
    • To open the port by service name, use firewall-cmd --zone=public --permanent.
  4. Step 4 Open a port for a specific IP address. 4 Open a port for a specific IP address. If you only want to allow connections to or from one IP, you'll need to create a new firewall zone for that address.
    • To create a new zone, use firewall-cmd --new-zone=MYZONENAME --permanent.
    • Then, run firewall-cmd –reload to refresh your configuration.
    • Run firewall-cmd --get-zones to view your zones—you'll see your new zone now.
    • To link the IP address to the zone, use firewall-cmd --zone=MYZONENAME --add-source=10.0.0.1 --permanent. Replace the same IP address with the proper address.
    • Then, open the port to the zone by specifying the zone name instead of "public:" firewall-cmd --zone=MYZONENAME --permanent --add-port=22/tcp.
  5. Step 5 Close a port. 5 Close a port. If you need to close a port, you can do so using different flags with the firewall-cmd command. In this example, we'll close port 22 to the public permanently: firewall-cmd --zone=public --remove-port=22/tcp --permanent.[10]
    6. Advertisement
Method 4 Method 4 of 5:

ConfigServer Firewall

PDF download Download Article
  1. Step 1 Log in to your server. 1 Log in to your server. If you're not logged in as the root user, you can su to root to adjust your configuration, or preface commands with sudo.
  2. Step 2 Go to directory that contains your CSF config file. 2 Go to directory that contains your CSF config file. The file is called csf.conf, and it's saved to /etc/csf/csf.conf by default.[11] To do this, type cd /etc/csf and press Enter.
  3. Step 3 Open csf.conf in a text editor. 3 Open csf.conf in a text editor. You can use any text editor you wish, such as vim or nano.
    • To open csf.conf in vim, type vim csf.config and press Enter.
  4. Step 4 Add an incoming port to the TCP_IN list. 4 Add an incoming port to the TCP_IN list. TCP ports. Once you have the file open, you will see TCP_IN and TCP_OUT sections. The TCP_IN section lists open inbound TCP ports separated by commas. The ports are in numerical order to make things easy, but it's not required that the ports you stick to the order. You can add ports to the end of the sequence, just separate them with commas.
    • For example, let's say you want to open port 999, and the current open ports are 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995.
    • After adding port 999 to the list, it will look like this: 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 999.
    • To get into insertion/typing mode in vim, press the i key on the keyboard.
  5. Step 5 Allow outgoing TCP to the TCP_OUT list. 5 Allow outgoing TCP to the TCP_OUT list. Just as you did with the incoming port, add any outbound TCP ports you'd like to open to the TCP_OUT list.
  6. Step 6 Save your changes and exit the file. 6 Save your changes and exit the file. Follow these steps to save and exit the file:
    • Press the Esc key.
    • Type :wq!.
    • Press Enter.
  7. Step 7 Type service csf restart and press ↵ Enter. 7 Type service csf restart and press Enter. This restarts the firewall and opens the new ports.
    • To deny a port, re-open the file, delete the port, save the file, and then re-start the firewall.
    8. Advertisement
Method 5 Method 5 of 5:

Advanced Policy Firewall

PDF download Download Article
  1. Step 1 Log in to your Linux server. 1 Log in to your Linux server. If you're using APF on your Linux system, you'll make changes to your firewall configuration in the APF configuration file.
  2. Step 2 Go to the directory that contains your APF config file. 2 Go to the directory that contains your APF config file. The file you're looking for is called conf.apf, and it'll be in /etc/apf by default.[12] Type cd /etc/apf to enter that directory.
  3. Step 3 Open /etc/apf/conf.apf in a text editor. 3 Open /etc/apf/conf.apf in a text editor. You can use any text editor you wish, such as vim or nano.
    • To open conf.apf in vim, you'd type sudo vim /etc/apf/conf.apf and press Enter.
  4. Step 4 Add inbound ports to the IG_TCP_CPORTS list. 4 Add inbound ports to the IG_TCP_CPORTS list. Once you have the file open, you will see IG_TCP_CPORTS and EG_TCP_CPORTS sections. The IG_TCP_CPORTS section lists open inbound ports separated by commas. The ports are listed in numerical order to make things easy, but it's not required to stick with it. You can add ports to the end of the sequence, just separate them with commas.
    • For example, let's say you want to open port 999, and the current open ports are 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995.
    • After adding port 999 to the IG_TCP_CPORTS list, it will look like this: 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 999.
    • To get into insertion/typing mode in vim, press the i key on the keyboard.
  5. Step 5 Allow outbound ports to the EG_TCP_CPORTS list. 5 Allow outbound ports to the EG_TCP_CPORTS list. Just as you did with the incoming port, add any outbound TCP ports you'd like to open to the EG_TCP_CPORTS list.
  6. Step 6 Save your changes and exit the file. 6 Save your changes and exit the file. Follow these steps to save and exit the file:
    • Press the Esc key.
    • Type :wq!.
    • Press Enter.
  7. Step 7 Type service apf -r and press ↵ Enter. 7 Type service apf -r and press Enter. This restarts the APF firewall and opens the new ports.
    • To deny a port, re-open the file, delete the port, save the file, and then re-start the firewall.
    8. Advertisement

Expert Q&A

Search Add New Question Ask a Question 200 characters left Include your email address to get a message when this question is answered. Submit Advertisement

Video

Tips

  • If you see a port that you are not using or running services through, close it up! You don't want to leave an open door for intruders! Thanks Helpful 0 Not Helpful 0
  • If you start adding random open ports like they are going out of style, YOU WILL GET HACKED! Only open ports when absolutely necessary. Thanks Helpful 0 Not Helpful 0
Submit a Tip All tip submissions are carefully reviewed before being published Name Please provide your name and last initial Submit Thanks for submitting a tip for review! Advertisement

You Might Also Like

Open PortsHow to Open a Port on Windows, Mac, Linux, or Your Router Check if a Port Is OpenedHow to Check If a Port is Open on Any Computer Enable Ssh in Centos 7How to Enable SSH in CentOS 7 Set Up Port Forwarding on a RouterHow to Forward a Port on Any Router: Easy Guide Open Port 25 How to Open Port 25 (SMTP) on Any Version of Windows Set up an FTP Server in Ubuntu LinuxHow to Install and Configure an FTP Server in Ubuntu Assign an IP Address on a Linux ComputerHow toAssign an IP Address on a Linux Computer Portforward MinecraftHow to Port Forward for Minecraft Java or Bedrock Share Files Between Linux Computers Using NFSEasily Share Files Between Linux Systems with NFS Disable Router FirewallHow toDisable Router Firewall Configure a Router4 Simple Ways to Configure Your Home Router Configure a Linksys RouterHow toConfigure a Linksys Router Change Nat TypeHow to Change Your NAT Type: Your Complete Step-by-Step Guide Check if Your Firewall Is Blocking SomethingA Guide to Checking if Your Firewall Is Blocking Something Advertisement

References

  1. https://www.networkworld.com/article/930788/working-with-iptables.html
  2. https://ubuntu.com/tutorials/command-line-for-beginners
  3. https://help.ubuntu.com/community/UFW
  4. https://wiki.ubuntu.com/UncomplicatedFirewall
  5. https://help.ubuntu.com/community/UFW
  6. https://help.ubuntu.com/community/UFW
  7. https://firewalld.org/
  8. https://linuxhint.com/list_open_ports_firewalld/
  9. https://firewalld.org/documentation/howto/open-a-port-or-service.html
More References (3)
  1. https://docs.fedoraproject.org/en-US/quick-docs/firewalld/
  2. https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu
  3. https://docs.cpanel.net/knowledge-base/general-systems-administration/how-to-configure-your-firewall-for-cpanel-services/

About This Article

Luigi Oppido Reviewed by: Luigi Oppido Computer & Tech Specialist This article was reviewed by Luigi Oppido and by wikiHow staff writer, Nicole Levine, MFA. Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years. This article has been viewed 2,050,299 times. How helpful is this? Co-authors: 12 Updated: February 24, 2025 Views: 2,050,299 Categories: Linux Article SummaryX

1. Start UFW if it's not already running. 2. Use "sudo ufw allow [port number]" to open a port. 3. Use "sudo ufw allow 6000:6007/tcp" to open a range. 4. Use "sudo ufw status numbered" to view the rules. Did this summary help you?YesNo

In other languages Spanish Italian Russian French German Indonesian Japanese Hindi Thai Chinese
  • Print
  • Send fan mail to authors
Thanks to all authors for creating a page that has been read 2,050,299 times.

Is this article up to date?

Yes No Advertisement Cookies make wikiHow better. By continuing to use our site, you agree to our cookie policy. Luigi Oppido Reviewed by: Luigi Oppido Computer & Tech Specialist Click a star to vote Co-authors: 12 Updated: February 24, 2025 Views: 2,050,299

Quizzes & Games

World History Trivia QuizWorld History Trivia QuizTake QuizIQ Test For KidsIQ Test For KidsTake QuizWhat Chakra Do I Need to Balance QuizWhat Chakra Do I Need to Balance QuizTake QuizThe Impossible QuizThe Impossible QuizTake QuizGeneral Knowledge QuizGeneral Knowledge QuizTake QuizWhat Age Is My Brain QuizWhat Age Is My Brain QuizTake Quiz

You Might Also Like

Open PortsHow to Open a Port on Windows, Mac, Linux, or Your RouterCheck if a Port Is OpenedHow to Check If a Port is Open on Any ComputerEnable Ssh in Centos 7How to Enable SSH in CentOS 7Set Up Port Forwarding on a RouterHow to Forward a Port on Any Router: Easy Guide

Featured Articles

Enjoy the HolidaysHow toEnjoy the Holidays Get 250 Grams of Protein Daily: Best Foods, Meal Plans & MoreHow to Get 250 Grams of Protein Daily: Best Foods, Meal Plans & MoreAm I Girly QuizAm I Girly Quiz200 Fun, Flirty, & Deep Questions to Get to Know a Guy Better200 Fun, Flirty, & Deep Questions to Get to Know a Guy Better Tighten Skin Under Your Chin: Natural or Surgical OptionsHow to Tighten Skin Under Your Chin: Natural or Surgical OptionsWhat Would My Nickname Be QuizWhat Would My Nickname Be Quiz

Trending Articles

Let Us Rate You 1-10: Attractiveness Scale QuizLet Us Rate You 1-10: Attractiveness Scale QuizHave I Met My Soulmate Yet QuizHave I Met My Soulmate Yet QuizHow Rare Is My Birthday QuizHow Rare Is My Birthday QuizHow Nonchalant Am I QuizHow Nonchalant Am I QuizCan We Guess If You're Single or Taken?Can We Guess If You're Single or Taken?How Much Do I Mog QuizHow Much Do I Mog Quiz

Featured Articles

21 Common Hand Signs & Gestures (& What They Mean)21 Common Hand Signs & Gestures (& What They Mean)170+ Best Useless Facts That Sound Like Lies170+ Best Useless Facts That Sound Like LiesIs He Interested In Me QuizIs He Interested In Me Quiz15 Signs Your Ex Misses You (and What to Do About It)15 Signs Your Ex Misses You (and What to Do About It) Observe Hanukkah (From Candle Lighting to Latke Frying)How to Observe Hanukkah (From Candle Lighting to Latke Frying)165+ "You Are Special" Quotes For Friends, Family, Partners & More165+ "You Are Special" Quotes For Friends, Family, Partners & More

Featured Articles

115+ Brain Teasers For Adults & Kids (With Answers!)115+ Brain Teasers For Adults & Kids (With Answers!)When Will I Get My First Kiss QuizWhen Will I Get My First Kiss Quiz17 Believable Excuses to Miss Class At the Last Minute17 Believable Excuses to Miss Class At the Last Minute Speed Up Your Slow-Performing Mobile DataHow to Speed Up Your Slow-Performing Mobile Data Get a Nice BodyHow to Get a Nice BodyIce Cream Personality TestIce Cream Personality Test

Watch Articles

Wrap a Round GiftHow toWrap a Round GiftSteam in an OvenHow toSteam in an Oven Make Plant-Based Meat: 4 Incredible RecipesHow to Make Plant-Based Meat: 4 Incredible RecipesClean a Silver NecklaceHow toClean a Silver Necklace4 Easy Ways to Open a Can of Soda4 Easy Ways to Open a Can of SodaPart Your HairHow toPart Your Hair

Trending Articles

Make OutHow toMake OutAm I a Furry QuizAm I a Furry QuizAm I Annoying QuizAm I Annoying QuizHow Weird Am I QuizHow Weird Am I QuizWhat Does “Cracked” Mean in Slang?What Does “Cracked” Mean in Slang?What Are the Gay Male Body Types (And Which Do You Have?)What Are the Gay Male Body Types (And Which Do You Have?)

Quizzes & Games

Cognitive TestCognitive TestTake QuizAdvanced Roulette GameAdvanced Roulette GamePlayDiscord Username Idea GeneratorDiscord Username Idea GeneratorGenerate NamesWould I Be a Good Super Spy QuizWould I Be a Good Super Spy QuizTake QuizGuess the Flag QuizGuess the Flag QuizTake QuizIQ TestIQ TestTake Quiz wikiHow
  • Categories
  • Computers and Electronics
  • Operating Systems
  • Linux
wikiHow Newsletter You're all set! Helpful how-tos delivered toyour inbox every week! Sign me up! By signing up you are agreeing to receive emails according to our privacy policy.
  • Home
  • About wikiHow
  • Experts
  • Jobs
  • Contact Us
  • Site Map
  • Terms of Use
  • Privacy Policy
  • Do Not Sell or Share My Info
  • Not Selling Info
  • Contribute

Follow Us

×

wikiHow Tech Help Pro:

Level up your tech skills and stay ahead of the curve

Let's go! X --827

Tag » How To Open A Port On Linux