18.07.2025

How to close ports in Linux: iptables and ufw?

Open ports are one of the main vulnerabilities of the server. If you don't manage them, you risk leaving the "door open" for intruders. In this article, we'll look at how to close ports on Linux using iptables, ufw, and see how to check which ports are already open.

You will also learn how to close port 80, block all ports except the necessary ones, and how this relates to the security of servers and HTTP clients.

Cloud Servers from $5 / moIntel Xeon Gold 6254 3.1 GHz CPU, SLA 99,9%, 100 Mbps channel

How do I view the open ports on the server?

Before closing ports, you need to find out which ones are currently open and which services are using them.

sudo ss -tuln

or:

sudo netstat -tuln

Flag values:

t — TCP
u — UDP
l — LISTEN ports only
n — show numeric port values

How do I close/open the port via iptables?

To close a port (for example, port 80), you can use iptables.

sudo iptables -A INPUT -p tcp --dport 80 -j DROP

This rule will block incoming connections to port 80 over TCP.

For verification purposes:

sudo iptables -L -n --line-numbers

To remove this rule:

sudo iptables -D INPUT

If you previously closed the port and want to allow connections again:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

How to close or open a port via UFW

UFW (Uncomplicated Firewall) is a simple tool for configuring the firewall in Linux, especially convenient in Ubuntu.

To close a port, for example 80, use the command:

sudo ufw deny 80

This command will block incoming connections to the specified default TCP port.

You can check the current rules like this:

sudo ufw status numbered

If you want to cancel one of the rules, find its number in the list and delete it.:

sudo ufw delete rule number

To reopen port 80 for incoming connections:

sudo ufw allow 80

This way, you can easily control access to any port: close unnecessary ones and open the necessary ones as needed, ensuring server security without complex iptables rules.

Script for configuring ports

For port management, you can use automated configuration tools and scripts that will allow you to block all connections except those allowed.

#!/bin/bash

# Check for UFW
if ! command -v ufw /dev/null; then
echo "UFW is not installed. Installing..."
sudo apt update && sudo apt install -y ufw
fi

echo "Disabling ufw if it has already been enabled..."
sudo ufw disable

echo "Reset all rules..."
sudo ufw reset

echo "I'm setting the default policy: prohibit incoming, allow outgoing..."
sudo ufw default deny incoming
sudo ufw default allow outgoing

echo "I allow HTTPS (port 443)..."
sudo ufw allow 443/tcp

echo "Enabling ufw..."
sudo ufw enable

echo "Current ufw status:"
sudo ufw status verbose

How to disable the service that opens the port

Sometimes ports are open because a certain service is running (for example, Apache or Nginx). If you are not using it, disable it.

Disabling Apache:

sudo systemctl stop apache2
sudo systemctl disable apache2

Disabling Nginx:

sudo systemctl stop nginx
sudo systemctl disable nginx

Safety tips

Close all unused ports.
Allow only the specific ports you need (for example, 22 and 443).
Use fail2ban to protect against password brute force.
Configure the firewall (UFW, firewalld, or iptables) immediately after installing the server.

Port management is an important part of protecting a Linux server. Now you know how to close ports in Linux, view open ports, block port 80, and allow only the necessary connections.