JT
July 18 2025
Updated July 18 2025

How to close ports in Linux: iptables and ufw?

Linux

Unneeded open ports are one of the main sources of exposure on a server. If you don't manage them, you risk leaving the "door open" for intruders. In this article, we'll look at how to close ports on Linux using iptables and ufw, and how to check which ports are already open.

You will also learn how to close port 80, block all ports except the necessary ones, and how this relates to the security of servers and HTTP clients.

How do I view the open ports on the server?

Before closing ports, you need to find out which ones are currently open and which services are using them.

sudo ss -tuln

or:

sudo netstat -tuln

Flag values:

  • t — TCP
  • u — UDP
  • l — LISTEN ports only
  • n — show numeric port values

How do I close/open the port via iptables?

To close a port (for example, port 80), you can use iptables.

sudo iptables -A INPUT -p tcp --dport 80 -j DROP

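This rule blocks incoming TCP connections to port 80. Note that -A appends the rule to the end of the INPUT chain, and iptables applies the first rule that matches, so an ACCEPT rule for the same port earlier in the chain takes precedence over it.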

For verification purposes:

sudo iptables -L -n --line-numbers

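To remove this rule, repeat its specification with -D (you can also pass the rule number shown by --line-numbers instead of the specification):

sudo iptables -D INPUT -p tcp --dport 80 -j DROP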

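If you previously closed the port and want to allow connections again, remove the DROP rule, or insert an ACCEPT rule ahead of it with -I. An ACCEPT rule appended with -A would land after the DROP rule and never match:

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT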

How to close or open a port via UFW

UFW (Uncomplicated Firewall) is a simple tool for configuring the firewall in Linux, especially convenient in Ubuntu.

To close a port, for example 80, use the command:

sudo ufw deny 80

This command blocks incoming connections to the specified port. When no protocol is given, ufw applies the rule to both TCP and UDP; write 80/tcp to limit it to TCP.

You can check the current rules like this:

sudo ufw status numbered

If you want to cancel one of the rules, find its number in the list and delete it:

sudo ufw delete <rule-number>

To reopen port 80 for incoming connections:

sudo ufw allow 80

This way, you can easily control access to any port: close unnecessary ones and open the necessary ones as needed, ensuring server security without complex iptables rules.

Script for configuring ports

For port management, you can use automated configuration tools and scripts that will allow you to block all connections except those allowed.

#!/bin/bash

# Check for UFW
if ! command -v ufw >/dev/null 2>&1; then
    echo "UFW is not installed. Installing..."
    sudo apt update && sudo apt install -y ufw
fi
fi

echo "Disabling ufw if it has already been enabled..."
sudo ufw disable

echo "Reset all rules..."
sudo ufw reset

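echo "Setting the default policy: deny incoming, allow outgoing..."
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Only HTTPS is allowed below. If you administer the server over SSH,
# allow that port as well before ufw is enabled (e.g. 22/tcp),
# otherwise new SSH connections will be blocked.
echo "Allowing HTTPS (port 443)..."
sudo ufw allow 443/tcp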

echo "Enabling ufw..."
sudo ufw enable

echo "Current ufw status:"
sudo ufw status verbose

How to disable the service that opens the port

Sometimes ports are open because a certain service is running (for example, Apache or Nginx). If you are not using it, disable it.

Disabling Apache:

sudo systemctl stop apache2
sudo systemctl disable apache2

Disabling Nginx:

sudo systemctl stop nginx
sudo systemctl disable nginx

Safety tips

  • Close all unused ports.
  • Allow only the specific ports you need (for example, 22 and 443).
  • Use fail2ban to protect against password brute force.
  • Configure the firewall (UFW, firewalld, or iptables) immediately after installing the server.
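
To apply the first two tips in practice, the following added example (not part of the original article) reads `ss -tuln` output and lists every listener reachable from outside that is not on an allowlist. The allowlist `22/tcp 443/tcp`, the function names and the embedded sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening sockets with an allowlist of port/proto pairs.

# Constructed sample of `ss -tuln` output so the script also runs offline.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      511    [::]:443           [::]:*
tcp   LISTEN 0      128    [::1]:631          [::]:*
EOF
}

# Reads `ss -tuln` output on stdin. $1 is a space-separated allowlist such as
# "22/tcp 443/tcp". Prints "port/proto address" for each listener that is
# neither loopback-only nor allowlisted.
unexpected_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "Netid" || NF < 5 { next }          # skip header and short lines
    {
      port = $5; sub(/.*:/, "", port)         # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)     # text before the last colon
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      key = port "/" $1
      if (!(key in ok)) print key " " addr
    }'
}

# Usage: ./audit.sh --live   (audits this host)
#        ./audit.sh          (audits the constructed sample)
if [ "${1:-}" = "--live" ]; then
  ss -tuln | unexpected_listeners "22/tcp 443/tcp"
else
  sample_ss_output | unexpected_listeners "22/tcp 443/tcp"
fi
```

Each line it prints is a candidate for a firewall rule or for disabling the service behind it; loopback-only listeners are skipped because they are not reachable from other hosts.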

Port management is an important part of protecting a Linux server. Now you know how to close ports in Linux, view open ports, block port 80, and allow only the necessary connections.
