How to Open Ports and List Open Ports in Linux

When working with networks in Linux, you may need to open or close a network port. Port management is essential for security — the fewer open ports in a system, the fewer potential attack vectors it has. Furthermore, if a port is closed, an attacker cannot gather information about the service running on that specific port.

You can open or close ports, as well as check open ports, in Linux distributions such as Ubuntu/Debian and CentOS/RHEL using firewalls like ufw, firewalld, and iptables. This guide will walk you through each process in detail.

We will demonstrate this process on two Linux distributions: Ubuntu 22.04 and CentOS 9, run on Hostman VPS. All commands provided here will work on any Debian-based or RHEL-based distributions.

What is a Network Port?

Copy link

Ports are used to access specific applications and protocols. For example, a server can host both a web server and a database—ports direct traffic to the appropriate service. Technically, a network port is a non-negative integer ranging from 0 to 65535.

• Reserved Ports (0-1023): Used by popular protocols and network services like SSH (port 22), FTP (port 21), HTTP (port 80), and HTTPS (port 443).
• Registered Ports (1024-49151): These ports can be used by specific applications for communication.
• Dynamic Ports (49151-65535): These are used for temporary connections and can be dynamically assigned to applications.

How to Open Ports in Debian-Based Linux Distributions

Copy link

On Debian-based systems (Ubuntu, Debian, Linux Mint, etc.), you can use ufw (Uncomplicated Firewall).

ufw comes pre-installed on most popular APT-based distributions. To check if ufw is installed, run:

ufw version

If the version is displayed, ufw is installed. Otherwise, install it with:

apt update && apt -y install ufw

By default, ufw is inactive, meaning all ports are open. You can check its status with:

ufw status

To activate it, use:

ufw enable

You will need to confirm by entering y. Note that enabling ufw may interrupt current SSH connections. By default, ufw blocks all incoming traffic and allows all outgoing traffic.

To check the default policy, use:

cat /etc/default/ufw

Opening Ports in ufw

Copy link

To open a port, use the command:

ufw allow <port_number>

For example, to open port 22 for SSH, run:

ufw allow 22

You can list multiple port numbers separated by commas, followed by the protocol (tcp or udp):

ufw allow 80,443,8081,8443/tcp
ufw allow 80,443,8081,8443/udp

Instead of specifying port numbers, you can use the service name as defined in /etc/services.

For example, to open the Telnet service, which uses port 23 by default:

ufw allow telnet

Note: You cannot specify multiple service names at once; ufw will return an error:

To open a port range, use the following syntax:

ufw allow <start_port>:<end_port>/<protocol>

Example:

ufw allow 8000:8080/tcp

Closing Ports in ufw

Copy link

To close a port using ufw, use the command:

ufw deny <port_number>

For example, to close port 80, run:

ufw deny 80

You can also use the service name instead of the port number. For example, to close port 21 used by the FTP protocol:

ufw deny ftp

Checking Open Ports in ufw

Copy link

To list all open and closed ports in the Linux system, use:

ufw status

Another option to view open ports in Linux is:

ufw status verbose

How to Open a Port in RHEL-Based Linux Distributions

Copy link

Linux RHEL-based distributions (CentOS 7+, RHEL 7+, Fedora 18+, OpenSUSE 15+) use firewalld by default.

Opening Ports in firewalld

Copy link

To check if firewalld is installed, run:

firewall-offline-cmd -V

If the version is displayed, firewalld is installed. Otherwise, install it manually:

dnf install firewalld

By default, firewalld is disabled. Check its status with:

firewall-cmd --state

To enable firewalld, run:

systemctl start firewalld

To open port 8080 for the TCP protocol, use:

firewall-cmd --zone=public --add-port=8080/tcp --permanent

• --zone=public: Specifies the zone for the rule.
• --add-port=8080/tcp: Specifies the port and protocol (TCP or UDP).
• --permanent: Saves the rule to persist after a system reboot. Without this parameter, the change will only last until the next reboot.

Alternatively, you can open a port in Linux by specifying a service name instead of a port number. For example, to open the HTTP (port 80) protocol:

firewall-cmd --zone=public --add-service=http --permanent

Reload firewalld to apply the changes:

firewall-cmd --reload

Closing Ports in firewalld

Copy link

You can close a port using either its number or service name.

To close a port using its number, run:

firewall-cmd --zone=public --remove-port=8080/tcp --permanent

To close a port using the service name, run:

firewall-cmd --zone=public --remove-service=http --permanent

After opening or closing a port, always reload firewalld to apply the changes:

firewall-cmd --reload

Listing Open Ports in firewalld

Copy link

To list all open ports in your Linux system, you can use:

firewall-cmd --list-ports

Managing Ports in iptables

Copy link

Unlike ufw and firewalld, iptables comes pre-installed in many Linux distributions, including Ubuntu, Debian, RHEL, Rocky Linux, and AlmaLinux.

Opening Ports in iptables

Copy link

To open port 8182 for incoming connections, use:

iptables -A INPUT -p tcp --dport 8182 -j ACCEPT

• -A INPUT: The -A flag is used to add one or more rules. INPUT specifies the chain to which the rule will be added (in this case, incoming connections).
• -p tcp: Specifies the protocol. Supported values include tcp, udp, udplite, icmp, esp, ah, and sctp.
• --dport 8182: Specifies the port to be opened or closed.
• -j ACCEPT: Defines the action for the port. ACCEPT allows traffic through the port.

To open a port for outgoing connections, use the OUTPUT chain instead:

iptables -A OUTPUT -p tcp --dport 8182 -j ACCEPT

To open a range of ports, use the --match multiport option:

iptables -A INPUT -p tcp --match multiport --dports 1024:2000 -j ACCEPT

Closing Ports in iptables

Copy link

To close a port, use the -D option and set the action to DROP. For example, to close port 8182 for incoming connections:

iptables -A INPUT -p tcp --dport 8182 -j DROP

To close a range of ports, use the same syntax as for opening a range, but replace ACCEPT with DROP:

iptables -A INPUT -p tcp --match multiport --dports 1024:2000 -j DROP

Saving iptables Rules

Copy link

By default, iptables rules are only effective until you restart the server. To save the rules permanently, install the iptables-persistent utility.

For APT-based distributions:

apt update && apt -y install iptables-persistent

For DNF-based distributions:

dnf -y install iptables-persistent

To save the current rules, run:

iptables-save

After the next server reboot, the rules will be automatically reloaded.

Viewing Open Ports in iptables

Copy link

To list all current rules and opened ports on the Linux machine, use:

iptables -L -v -n

To list rules specifically for IPv4, use:

iptables -S

To list rules for IPv6, use:

ip6tables -S

Conclusion

Copy link

In this guide, we demonstrated how to open and close network ports in Linux and check currently open ports using three different utilities: ufw, firewalld, and iptables. Proper port management reduces the risk of potential network attacks and helps obscure information about the services using those ports.

And if you’re looking for a reliable, high-performance, and budget-friendly solution for your workflows, Hostman has you covered with Linux VPS Hosting options, including Debian VPS, Ubuntu VPS, and VPS CentOS.