Linux Open Port – Comprehensive Guide for Port Configuration

Linux Open Port – Comprehensive Guide for Port Configuration

rename LINUX file name 1

A port serves as a communication endpoint in an operating system. Open ports in Linux can be configured to allow or restrict data flow for specific network services or processes. TCP and UDP ports are commonly employed to designate specific network services. Users can manually modify port settings by configuring services to use alternative ports. Open ports are generally accessible by default in Linux.

Jump To...

Port numbers ranging from 0 to 1023, the first 1024 ports, are commonly recognized as reserved for widely used services. Notable examples include port 22 for SSH, port 80 for HTTP, and port 443 for HTTPS. Port numbers above 1024 are designated as Ephemeral Ports. The detailed breakdown is as follows:

  • 1024 – 49151 port numbers are named as registered/user ports

  • 49152 – 65535 port numbers are named dynamic or private ports

Comprehending a Port and the Rationale for Opening It

Linux Open Port 1

Open ports in Linux function as a doorway directing the user to a specific area on a Linux system. Every action a user takes on the internet, or a set of available open ports, relies on a designated port.

For example, if you intend to operate your web server, you need to utilize open ports in Linux for connection. The same process applies to managing your web, FTP server, or mail. Ports serve as network connections across all network-connected devices.

Opening a Port on Linux

Configuring the firewall to permit network traffic through specific ports is a crucial element in managing open ports in Linux. Below, we’ll outline the basic steps utilizing the UFW (Uncomplicated Firewall) tool, a widely-used tool on Debian-based systems. Please note that the steps may vary if you are using a different distribution.

Using UFW (Uncomplicated Firewall):

Linux Open Port 2

Users must exercise caution when opening ports, especially on a publicly accessible web server. Only expose the ports necessary for your applications. Additionally, it is advisable to implement stringent firewall rules and other security measures to fortify your system.

Check UFW Status:

Begin by verifying the installation of UFW and reviewing its current status.

sudo apt-get update sudo apt-get install ufw sudo ufw status

Develop a Specific Port: You can employ the allow command with the specific port number and protocol to enable access to a particular port, typically TCP or UDP. For example, to open port 80 for HTTP traffic:

sudo ufw allow 80/tcp

If you want to open a range of ports:

sudo ufw allow 3000:4000/tcp

Allow Specific Application: You can also permit traffic for a specific application. For instance, to enable SSH traffic:

sudo ufw allow OpenSSH

Check the Updated Rules

Verify the rules to confirm that the changes have been implemented.

sudo ufw status

Reload UFW

Following modifications, it may be necessary to reload UFW for the new rules to be enforced.

sudo ufw reload

Enable UFW

If UFW is not yet enabled, you can activate it using:

sudo ufw enable

Confirm the action by typing ‘y’.

Using Firewall-cmd (For Systems with firewalld)

If your Linux system employs Firewalld instead of UFW, you can follow these steps:

Check Firewall-cmd Status:

sudo firewall-cmd --state

Open a Port:

sudo firewall-cmd --add-port=80/tcp --permanent

Reload Firewall-cmd:

sudo firewall-cmd --reload

Check Open Ports in Linux:

sudo firewall-cmd --list-ports

Displaying Open Ports on Linux

Linux Open Port 3

Before opening a port number on a Linux system, it’s crucial to verify if the required port is already in use. The simplest way to check for an open port in Linux is by utilizing the netstat command along with the grep command.

netstat -na | grep :[port-number]

The command line overhead instructs grep to search for a particular port number in the list of ports generated by the netstat command. For example, to verify if port 8080 is accessible on the system, execute the following command:

netstat -na | grep :8080

If the port is closed, the command produces no result.

Linux Open Port 4

Utilize the following netstat command to display a list of listening ports:

netstat -lntu

The -l alternative search for the listening ports

-n provides numerical port values

-t and -u stand for TCP port and UDP port, respectively.

Configuring a Port in Linux

Linux Open Port5

The appropriate method to open a port in Linux varies based on the firewall and Linux distribution. Below are recommended steps for common scenarios:

  • Firewall on RHEL-based distribution and CentOS distribution

  • UFW firewall on Ubuntu-based distribution

  • The iptables utility without firewall and UFW for the system

Ubuntu and UFW Based Systems

Linux Open Port 6

UFW, or Uncomplicated Firewall for Ubuntu, allows you to open a port with a single command. The command line is:

sudo ufw allow [port-number]

When adding IPv6 and IPv4 rules, the output is verified. Alternatively, you can discern an open port in Linux utilized by a particular service without specifying the port number using the command:

sudo ufw allow [service-name]

To check if UFW is active on your system, you can confirm by entering the following command:

sudo ufw enable

Systems with Firewalld

Linux Open Port 7

In Fedora, firewalls tools, and other related distributions, users have the capability to regulate port access on their Linux systems. To open a specific port, employ the following command:

sudo firewall-cmd --zone=public --add-port=[port-number]/[protocol] --permanent

The –permanent ensures the persistence of rules after the system reboot. However, the –zone=public argument is useful for multi-zone system configurations. Firewalld assign all interfaces to the public zone by default.

Without UFW or Firewalld Linux Distribution

Linux Open Port 8

While deploying a comprehensive firewall is recommended for bolstering system security, certain Linux distributions employ the legacy iptables solution. To filter IP packets using the Linux kernel firewall, the iptables utility is utilized by configuring rules. To initiate an iptables utility rule for opening a port, use the following command:

sudo iptables -A INPUT -p [protocol] --dport [port] -j ACCEPT

This command will create IPv4 rule.

For IPv6 rule, use the ip5tables command like:

sudo ip6tables -A INPUT -p [protocol] --dport [port] -j ACCEPT

The port number specifies the –dport option. However, the -p flag define the protocol (udp ports or TCP ports). To produce and IPv4 rule for TCP ports 8080, put in the following command:

sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

Debian-Based Systems iptables Rules

Linux Open Port 9

The rules created using iptables do not persist after reboots. Follow the steps below to ensure iptables rules are retained after a reboot on Debian-based systems:

Save the IPv4 rules you created by executing the following command:

iptables-save > /etc/iptables/rules.v4

To save any IPv6 rules in a separate file, input the following command:

ip6tables-save > /etc/iptables/rules.v6

For installation of the iptables-persistent package, use the command below:

sudo apt install iptables-persistent

It will automatically reload the contents of rules.v4 along with the rules.v6 files when the system is restarted or rebooted.

Iptables Rules Persist on RHEL Systems

Iptables List 5

Iptables configuration is stored in a different location on RHEL-based systems.

To persist IPv4 or IPv6 rules, execute the following command:

iptables-save > /etc/sysconfig/iptables


ip6tables-save > /etc/sysconfig/ip6tables

To check if the iptables-services package is installed, use the following command.

sudo dnf install iptables-services

Enter the command to start or activate the device.

sudo systemctl start iptables

Permit the service using the following command:

sudo systemctl enable iptables

To secure the iptables rule, employ the command:

sudo service iptables save

To apply the rule, restart the service by executing the command:

sudo systemctl restart iptables

Verifying Open Ports in Linux

Linux Open Port 12

After employing any method to open a port in Linux, verify that the process has been completed successfully. To check the open ports on a system, follow the method below.

View the listening ports with the netstat command:

netstat -lntu

To list the open socket, use ss command as:

ss =lntu

Utilize the nmap command to test the port by specifying its number. For instance, use the nmap command:

nmap localhost -p 8080

Use the netcat utility or netcat command to test the port. By utilizing the netcat command, you can examine open ports. This tool also includes the nc command.

Use the echo command to redirect output to the netcat command and specify the port to listen.

echo "Testing port 8080"| nc -l -p 8080

Keep the command running in a process and open a new terminal window to query the local socket. Use the command as:

telnet localhost 8080


Comprehending incoming connections, initiating a preliminary port test, and scanning accessible ports are fundamental aspects of computer networking. Whether configuring a web server, overseeing services, or assessing the state of active connections, understanding TCP and UDP ports is crucial. The distinction between an accessible TCP port and a closed one, along with recognizing the significance of using the same port for parameter passing, underscores the challenges of ensuring efficient and secure communication within a network. The capability to explore open ports enables thorough monitoring, allowing network administrators to uphold the integrity and functionality of their systems while addressing potential vulnerabilities.

Frequently Asked Questions

TCP (Transmission Control Protocol) ports serve as communication endpoints. You can expose them in Linux using firewall management tools such as UFW or firewalld.

Utilize the ss command to enlist active ports on a Linux system. For instance, ss -lntu displays TCP and UDP listening ports.

UDP ports (User Datagram Protocol) represent another category of communication endpoints. You can open them using firewall tools like UFW or firewalld in a manner similar to TCP.

Employ the lsof command to display active ports and their corresponding processes on a Linux system. For instance, lsof -i in the lsof command provides information on open connections.

Use command line utilities such as the netstat command or ss command to examine open ports. For example, ss -a lists all open ports, including listening ports and established connections.

Supervising listening sockets through tools like ss or lsof aids in recognizing services actively awaiting connections, thereby bolstering network security.

Open TCP network ports and UDP ports by specifying the protocol and port number using firewall management tools, such as UFW or firewalld.

The ss command with the -r option delivers real-time monitoring of network connections, encompassing active ports, on a Linux operating system or Linux server.

The ss command, when employed with the -a option, showcases both listening and established connections, providing a comprehensive overview of network activity.

For efficient monitoring of network connections, contemplate utilizing a blend of tools such as ss, lsof, and firewall management utilities to guarantee a robust strategy for network security.