Learning Center
Linux

How to Open a Port on Linux

1 Jul 2025
Awais Khan
Awais Khan

Opening ports in Linux is an important task that allows certain services or applications to exchange data over the network. Ports act as communication gateways, allowing access to authorized services while blocking unauthorized connections. Managing ports is key to secure access, smooth app functionality, and reliable performance. In this guide we'll be using a VPS on Linux.

Understanding Ports and Their Purpose
Copy link

Ports are the logical endpoints of network communication, where devices can send and receive information. HTTP uses port 80, HTTPS uses port 443, and SSH uses port 22. An open port means the service that listens for incoming network traffic is associated with it. A closed port, on the other hand, stops communication via that gateway. Maintaining availability and security requires proper management of Linux open ports.

Check Existing Open Ports on Linux
Copy link

Before opening a port, check the open ports in Linux to see which ones are currently active. You may achieve this using several Linux commands.

netstat
Copy link

To display open ports, run:

netstat -tuln

The netstat utility provides a real-time view of active network connections, displaying all listening endpoints. The -tuln flags refine the output to show only TCP and UDP ports without resolving hostnames.

Image1

Note: In case netstat isn’t installed, install it via:

sudo apt install net-tools

ss
Copy link

The ss utility can also be utilized to check ports:

ss -tuln

Image3

Compared to netstat, the ss command is more recent and fast. It shows the ports that are in use as well as socket information.

nmap
Copy link

For a detailed analysis of Linux open ports, use:

nmap localhost

The nmap utility scans the given host (localhost in this case) for open ports. This is useful for finding ports exposed to public networks.

Image2

Note: You can install nmap on Linux via:

sudo apt install nmap

Opening Ports on Linux
Copy link

Firewall modification is required to grant access through a chosen endpoint. Linux provides several options for handling these tasks, including iptables, ufw, and firewalld.

Here are the methods to open ports with these utilities.

Method 1: Via iptables
Copy link

Iptables is a robust and lower level firewall utility that grants fine-grained control over network traffic. To open a port with iptables, take these steps:

  1. Add a Rule to Allow Traffic from a Specific Port 

Enable HTTP access on port 8080 with this command:

sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
  • sudo: Execute the command as superuser.
  • iptables: Refers to the firewall utility.
  • -A INPUT: Inserts a rule in the input chain, controlling incoming traffic.
  • -p tcp: Shows that the rule is for TCP traffic.
  • --dport 8080: Points to port 8080 for the rule.
  • ACCEPT: Specifies that incoming traffic matching the rule is accepted.

This permits incoming TCP on port 8080. However, iptables changes are volatile and will be undone after reboot.

Image5

Note: The iptables can be installed with persistent packages using:

sudo apt install iptables iptables-persistent
  1. Save the Configuration

For making the rule permanent and remain even after a system restart, store iptables rules via:

sudo netfilter-persistent save

Image4

This directive preserves current iptables or nftables rules such that they are preserved during reboots.

  1. Reload Changes

Reload the firewall configuration as needed with:

sudo netfilter-persistent reload

Image7

Method 2: Via UFW
Copy link

Ufw (Uncomplicated Firewall) is a minimal front-end for managing iptables rules. It allows you to easily open ports with simple commands. This is how you can do it:

  1. Enable Ufw 

First, ensure the ufw firewall is activated:

sudo ufw enable

Executing this command allows UFW to modify firewall settings.

Image6

Note: UFW can be installed with:

sudo apt install ufw
  1. Allow Traffic Via Specific Port 

For instance, to open port 22 for SSH, use:

sudo ufw allow 22/tcp
  • sudo: Grants superuser privileges.
  • ufw allow: Adds a rule to permit traffic.
  • 22/tcp: Sets port 22 for communication while restricting the rule to TCP protocol.

This permits access on port 22, enabling remote SSH connections.

Image9

  1. Verify the Firewall Status 

To ensure the port is accessible and the rule is active, execute:

sudo ufw status

The status command displays all active rules, including the allowed ports.

Image8

Method 3: Via Firewalld
Copy link

Firewalld is a dynamic firewall daemon present on Linux. It is simpler to customize the firewall rules compared to using iptables. Here’s how to enable port access via firewalld:

  1. Add a Permanent Rule for the Desired Port 

To enable HTTPS access on port 443, run:

sudo firewall-cmd --permanent --add-port=443/tcp
  • firewall-cmd: Invokes the firewalld command.
  • --permanent: Ensures the rule stays active after the firewall reloads or the system boots.
  • --add-port=443/tcp: Opens port 443 to accept incoming TCP traffic.

Image12

Note: Install firewalld on Linux via:

sudo apt install firewalld

Once installed, you should activate and run it:

sudo systemctl enable firewalld
sudo systemctl start firewalld
  1. Reload the Firewall 

Finalize the settings to enable the newly defined policy:

sudo firewall-cmd --reload

Image10

Applying firewall modifications makes recent policy updates functional without rebooting.

  1. Verification

Check whether the port is opened successfully:

sudo firewall-cmd --list-all

The --list-all command provides a complete list of rules, helping you determine if port 443 is open.

Image11

Testing the Newly Opened Port
Copy link

Always check if the newly opened port is available for incoming connections. Here’s how:

Using telnet
Copy link

Test the port opening via:

telnet localhost port_number

Successful access means the port is open and responsive.

Image13

Using nmap
Copy link

Analyze the host to verify if the specified endpoint is accessible.:

nmap -p port_number localhost

The -p flag specifies the port to scan.

Image14

Using curl
Copy link

Check HTTP service availability:

curl localhost:port_number

A successful response confirms the service is running on the opened port.

Image15

Troubleshooting Common Issues
Copy link

Ports opening may occasionally fail due to configuration errors or conflicting software settings. Follow these tips:

  • Verify Firewall Rules: Run iptables -L or ufw status to assess firewall restrictions and permissions.

  • Check Service Status: Check if the assigned service is active with systemctl status <service-name>.

Opening Specific Ports Based on Protocol
Copy link

Understanding the protocol used by the service can help configure ports more effectively. For instance, web traffic typically uses TCP (Transmission Control Protocol) for stable communication, while certain gaming services may require UDP (User Datagram Protocol) for faster packet transmission.

Opening a TCP Port
Copy link

To access port 3306 for MySQL traffic:

sudo ufw allow 3306/tcp

This explicitly permits TCP traffic through port 3306, ensuring stable communication for database queries.

Image16

Opening a UDP Port
Copy link

To access port 161 for SNMP (Simple Network Management Protocol), run:

sudo ufw allow 161/udp

Image17

UDP provides faster, connectionless communication, ideal for monitoring tools like SNMP.

Managing Port Accessibility
Copy link

Once a port is opened, controlling its visibility ensures security and prevents unauthorized access.

Restricting Access to Specific IPs
Copy link

To limit port access to a specific IP address (e.g., 192.168.1.100):

sudo ufw allow from 192.168.1.100 to any port 22

This allows SSH access via port 22 only from the specified IP address, enhancing security.

Image18

Closing Ports
Copy link

To revoke access to port 80:

sudo ufw deny 80/tcp

This denies incoming traffic on port 80, effectively closing it for HTTP services.

Image19

Conclusion
Copy link

Confirming open ports in Linux is a key step for optimizing network functionality and deploying services effectively. With the use of utilities such as iptables, ufw, or firewalld, you can control traffic securely for your apps. You need to test and debug in order to confirm the port is open and working as expected. From web servers to SSH access, to other network services, port management skills ensure smooth operations and better security.