Ubuntu firewall open port

Prerequisites

Administrator privileges are required to open ports. First, check rule numbers using:

Then delete the desired rule using its number:

8. By default, if you did not specify the protocol, the port will open for both TCP and UDP protocols.

ufw allow port-number/protocol

Examples

The Above rule will open both TCP and UDP port 53 to All networks.

This rule will open TCP port 22 to all networks.

We can delete firewall rules using ufw delete command

Open Port By Service Name in Ubuntu Firewall

It is also possible to open port by service name instead of the port number.

This rule will Allow ssh protocol (which use TCP port 22 by default) from the Ubuntu Firewall.

ufw will check /etc/services file for the corresponding port if we specify the protocol by service name instead of the port number.

Open Port to Specific IP Address in UFW

Rather than opening a port to everyone, UFW allows to open ports to specific IP Address using following format.

Examples

Allow Access from IP Address 192.168.1.50 on Both TCP and UDP Port 53 (Since Protocol not specified).

This rule open TCP port 22 to remote IP Address 192.168.1.50 from the Ubuntu Firewall.

This firewall rule will open port 22 to the IP Address 192.168.1.50, But Connection can only establish through local IP Address (192.168.1.200).

Firewalls can block unauthorized access, prevent malicious attacks, and protect sensitive data.

Why Open Ports?#

Ports are communication endpoints in a network. Different services and applications use specific ports to communicate with other devices. For example, if you don't need SSH access from the outside world, don't open port 22.

Use App Profiles#

UFW has built-in application profiles for common services.

About Ubuntu’s Firewall ()

Ubuntu comes with preinstalled, a tool designed to simplify firewall configuration. You can list the available profiles using the following command:

To allow a service using its profile, for example, OpenSSH, use the following command:

Regularly Review Firewall Rules#

Periodically review your firewall rules to ensure that they are still relevant.

Ubuntu closes most ports by default to enhance security, but when you need to open a particular port, the tool “ufw (Uncomplicated Firewall)” makes the process simple. Reloading Firewall Settings

To apply changes, you must reload . Only open the ports that are required for the services you are running. Managing and Deleting Rules

To view existing rules, use:

To delete a specific rule—such as removing the open port 22 rule—use:

You can also delete rules by specifying their rule numbers.

For example, if you change the SSH port to 2222:

Opening Ports for Databases#

For a MySQL database, which uses port 3306 by default, you can open the port with the following command:

Best Practices#

Only Open Necessary Ports#

Opening unnecessary ports increases the attack surface of your system.

Otherwise, the incoming traffic to that port will be blocked.

Ubuntu's Firewall - UFW#

Uncomplicated Firewall (UFW) is a user-friendly front-end for managing iptables, which is the traditional Linux firewall configuration tool. This article explains in detail how to open ports on Ubuntu.

2. Open ports accept external access, increasing exposure to unauthorized connections.

For example, web servers typically use port 80 for HTTP and port 443 for HTTPS. Introduction

Port opening is a necessary configuration that allows specific applications and services to be accessed from external sources. If it is enabled, it will display the current rules.

Enabling UFW#

To enable UFW, run the following command:

You will be prompted to confirm, as enabling UFW can block all incoming traffic by default.

Opening a Single Port#

To open a single port, for example, port 80 (used for HTTP), use the following command:

Opening a Range of Ports#

If you need to open a range of ports, say from port 2000 to 2010, use the following command:

The part specifies the protocol.

UFW simplifies the process of setting up and managing firewall rules on Ubuntu. By default, SSH uses TCP.

It is recommended to change the default SSH port to a non-standard port for security reasons. Remember to always be cautious when opening ports and regularly review your firewall rules to maintain a high level of security.

References#