How to Open a Port on Linux
Opening ports in Linux is an important task that allows certain services or applications to exchange data over the network. Ports act as communication gateways, allowing access to authorized services while blocking unauthorized connections. Managing ports is key to secure access, smooth app functionality, and reliable performance. In this guide we'll be using a VPS on Linux.
Understanding Ports and Their Purpose Copy link
Ports are the logical endpoints of network communication, where devices can send and receive information. HTTP uses port 80, HTTPS uses port 443, and SSH uses port 22. An open port means the service that listens for incoming network traffic is associated with it. A closed port, on the other hand, stops communication via that gateway. Maintaining availability and security requires proper management of Linux open ports.
Check Existing Open Ports on Linux Copy link
Before opening a port, check the open ports in Linux to see which ones are currently active. You may achieve this using several Linux commands.
netstat Copy link
To display open ports, run:
netstat -tulnThe netstat utility provides a real-time view of active network connections, displaying all listening endpoints. The -tuln flags refine the output to show only TCP and UDP ports without resolving hostnames.

Note: In case netstat isn’t installed, install it via:
sudo apt install net-toolsss Copy link
The ss utility can also be utilized to check ports:
ss -tuln
Compared to netstat, the ss command is more recent and fast. It shows the ports that are in use as well as socket information.
nmap Copy link
For a detailed analysis of Linux open ports, use:
nmap localhostThe nmap utility scans the given host (localhost in this case) for open ports. This is useful for finding ports exposed to public networks.

Note: You can install nmap on Linux via:
sudo apt install nmapOpening Ports on Linux Copy link
Firewall modification is required to grant access through a chosen endpoint. Linux provides several options for handling these tasks, including iptables, ufw, and firewalld.
Here are the methods to open ports with these utilities.
Method 1: Via iptables Copy link
Iptables is a robust and lower level firewall utility that grants fine-grained control over network traffic. To open a port with iptables, take these steps:
-
Add a Rule to Allow Traffic from a Specific Port
Enable HTTP access on port 8080 with this command:
sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPTsudo: Execute the command as superuser.iptables: Refers to the firewall utility.-A INPUT: Inserts a rule in the input chain, controlling incoming traffic.-p tcp: Shows that the rule is for TCP traffic.--dport 8080: Points to port 8080 for the rule.ACCEPT: Specifies that incoming traffic matching the rule is accepted.
This permits incoming TCP on port 8080. However, iptables changes are volatile and will be undone after reboot.

Note: The iptables can be installed with persistent packages using:
sudo apt install iptables iptables-persistent-
Save the Configuration
For making the rule permanent and remain even after a system restart, store iptables rules via:
sudo netfilter-persistent save
This directive preserves current iptables or nftables rules such that they are preserved during reboots.
-
Reload Changes
Reload the firewall configuration as needed with:
sudo netfilter-persistent reload
Method 2: Via UFW Copy link
Ufw (Uncomplicated Firewall) is a minimal front-end for managing iptables rules. It allows you to easily open ports with simple commands. This is how you can do it:
-
Enable Ufw
First, ensure the ufw firewall is activated:
sudo ufw enableExecuting this command allows UFW to modify firewall settings.

Note: UFW can be installed with:
sudo apt install ufw-
Allow Traffic Via Specific Port
For instance, to open port 22 for SSH, use:
sudo ufw allow 22/tcpsudo: Grants superuser privileges.ufw allow: Adds a rule to permit traffic.22/tcp: Sets port 22 for communication while restricting the rule to TCP protocol.
This permits access on port 22, enabling remote SSH connections.

-
Verify the Firewall Status
To ensure the port is accessible and the rule is active, execute:
sudo ufw statusThe status command displays all active rules, including the allowed ports.

Method 3: Via Firewalld Copy link
Firewalld is a dynamic firewall daemon present on Linux. It is simpler to customize the firewall rules compared to using iptables. Here’s how to enable port access via firewalld:
-
Add a Permanent Rule for the Desired Port
To enable HTTPS access on port 443, run:
sudo firewall-cmd --permanent --add-port=443/tcpfirewall-cmd: Invokes the firewalld command.--permanent: Ensures the rule stays active after the firewall reloads or the system boots.--add-port=443/tcp: Opens port 443 to accept incoming TCP traffic.

Note: Install firewalld on Linux via:
sudo apt install firewalldOnce installed, you should activate and run it:
sudo systemctl enable firewalld
sudo systemctl start firewalld-
Reload the Firewall
Finalize the settings to enable the newly defined policy:
sudo firewall-cmd --reload
Applying firewall modifications makes recent policy updates functional without rebooting.
-
Verification
Check whether the port is opened successfully:
sudo firewall-cmd --list-allThe --list-all command provides a complete list of rules, helping you determine if port 443 is open.

Testing the Newly Opened Port Copy link
Always check if the newly opened port is available for incoming connections. Here’s how:
Using telnet Copy link
Test the port opening via:
telnet localhost port_numberSuccessful access means the port is open and responsive.

Using nmap Copy link
Analyze the host to verify if the specified endpoint is accessible.:
nmap -p port_number localhostThe -p flag specifies the port to scan.

Using curl Copy link
Check HTTP service availability:
curl localhost:port_numberA successful response confirms the service is running on the opened port.

Troubleshooting Common Issues Copy link
Ports opening may occasionally fail due to configuration errors or conflicting software settings. Follow these tips:
-
Verify Firewall Rules: Run
iptables -Lorufw statusto assess firewall restrictions and permissions. -
Check Service Status: Check if the assigned service is active with
systemctl status <service-name>.
Opening Specific Ports Based on Protocol Copy link
Understanding the protocol used by the service can help configure ports more effectively. For instance, web traffic typically uses TCP (Transmission Control Protocol) for stable communication, while certain gaming services may require UDP (User Datagram Protocol) for faster packet transmission.
Opening a TCP Port Copy link
To access port 3306 for MySQL traffic:
sudo ufw allow 3306/tcpThis explicitly permits TCP traffic through port 3306, ensuring stable communication for database queries.

Opening a UDP Port Copy link
To access port 161 for SNMP (Simple Network Management Protocol), run:
sudo ufw allow 161/udp
UDP provides faster, connectionless communication, ideal for monitoring tools like SNMP.
Managing Port Accessibility Copy link
Once a port is opened, controlling its visibility ensures security and prevents unauthorized access.
Restricting Access to Specific IPs Copy link
To limit port access to a specific IP address (e.g., 192.168.1.100):
sudo ufw allow from 192.168.1.100 to any port 22This allows SSH access via port 22 only from the specified IP address, enhancing security.

Closing Ports Copy link
To revoke access to port 80:
sudo ufw deny 80/tcpThis denies incoming traffic on port 80, effectively closing it for HTTP services.

Conclusion Copy link
Confirming open ports in Linux is a key step for optimizing network functionality and deploying services effectively. With the use of utilities such as iptables, ufw, or firewalld, you can control traffic securely for your apps. You need to test and debug in order to confirm the port is open and working as expected. From web servers to SSH access, to other network services, port management skills ensure smooth operations and better security.