How to Open Ports in Linux Server Firewall

Published by Admin
1-02-2017, 05:48
It's time for some more server admin assistance! This article will show you how to open ports in your Linux server's firewall. This can be very useful, and also dangerous, so be sure you know which port you want to open. Attackers can use open ports to reach services on your server, so be careful! "Then why would I ever want to open ports?" Do you have a neat radio streaming program you want to use for your website? You are going to have to open the port that it "listens" on, otherwise it will not work! Keep in mind that the same process also lets you close ports, or move a service to a different port. That way bot programs that scan commonly used default ports will find nothing but a closed door. For this tutorial I will be using the example of a CSF firewall (ConfigServer Security & Firewall), a powerful yet easy-to-use firewall for Linux servers. This example will have you open port 8001 for the radio streaming program on your site.

Steps

  1. SSH into your server as Root:
    • [root@yourserver] ~ >>
  2. Get to the directory where the configuration file is for CSF:
    • [root@yourserver] ~ >> cd /etc/csf
    • Press (Enter)
      • Note: This is where CSF keeps all of its files, not just the configuration file.
  3. Open the configuration file so that we can edit it. An editor such as Vim works well because it's nice and easy. If you use a different editor that is fine, just know that the commands shown here are for Vim.
    • [root@yourserver] csf >> vim csf.conf
    • Press (Enter)
      • Note: This file has a lot of great security settings in it that you can tweak to your needs, but I am not going to be going into those here. You can read the comments in the file and they do a great job of explaining what each setting does.
    • Once you have the file open, you will see a "TCP_IN" and "TCP_OUT" section. It will look like this:
  4. Allow incoming TCP ports
    • TCP_IN = "20, 21, 1122, 25, 26, 53, 80, 110, 143, 443, 465, 587, 993, 995, 2077, 2078, 2082, 2083, 2086, 2087, 2095, 2096, 8000"
  5. Allow outgoing TCP ports
    • TCP_OUT = "20, 21, 1122, 25, 37, 43, 53, 80, 110, 113, 443, 587, 873, 2087, 2089, 2703, 8000"
      • All those numbers there are ports that are currently "open". Yours may look different so don't panic! It all depends on your configuration.
  6. Navigate to the end of each of those lines, just after the 8000. This is where we are going to add our port (the [] below marks the cursor position).
    • 2095, 2096, 8000[]"
      • Since we are using Vim we need some special commands. Press [ i ] on your keyboard. This puts Vim into insert mode so you can add text.
  7. Type in the port number: 
    • 2095, 2096, 8000, 8001[]"
      • Do this for the TCP_OUT as well.
  8. When you are finished, hold the (Ctrl) key on your keyboard and press the bracket key ( [ ). This will get you out of insert mode.
  9. Save and get out of this file. Hold the (Shift) key and press ( ; ). At the bottom, ( : ) should appear with a blinking cursor.
  10. Type the letters (w) and (q), with no spaces, then press (Enter). This stands for write and quit.
  11. Restart the firewall so that your changes take effect!
    • [root@yourserver] csf >> service csf restart
    • Press (Enter)
      • You will see output beginning with:
      • Stopping CSF
  12. Then you will see (if any were in the blacklist or whitelist) a bunch of IPs flying across your screen. Don't worry! These are all IPs that have either been blacklisted or whitelisted and are being put back into the firewall. This will only take about five seconds (unless you have a huge list).
  13. When that finishes, you are done!

Tips

  • If you are using APF (Advanced Policy Firewall) instead of CSF, this guide still applies. The APF configuration file is just in a different spot.
  • APF directory: [root@yourserver] ~ >> cd /etc/apf/        File name: conf.apf
  • If you see a port that you are not using or running services through, close it up! You don't want to leave an open door for intruders!
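
If you maintain more than one server, editing csf.conf by hand in Vim gets error-prone: a port can be added twice, a stray space can creep into the list, or a change can be made to TCP_IN but forgotten for TCP_OUT. The script below is an added example (not part of the original article and not code shipped with CSF) that performs steps 4 to 7 as idempotent shell functions, and also covers the tip above about closing ports you are not using. It works on a constructed sample config written to a temp file; the function names `csf_get_ports`, `csf_set_ports`, `csf_has_port`, `csf_valid_port`, `csf_add_port` and `csf_remove_port` are my own and are not CSF commands. On a real server you would point it at /etc/csf/csf.conf and then restart the firewall as in step 11.

```shell
#!/bin/sh
# Added example: idempotent edits to the TCP_IN / TCP_OUT lists in a CSF-style
# csf.conf. The file below is a constructed sample, not a real server's config.
SAMPLE_CONF="${TMPDIR:-/tmp}/csf_example_$$.conf"
cat > "$SAMPLE_CONF" <<'EOF'
# Allow incoming TCP ports
TCP_IN = "20,21,1122, 25, 26, 53, 80, 110, 143, 443, 465, 587, 993, 995, 8000"

# Allow outgoing TCP ports
TCP_OUT = "20, 21, 1122, 25, 37, 43, 53, 80, 110, 113, 443, 587, 873, 8000"
EOF

# csf_get_ports FILE KEY
# Prints KEY's port list (TCP_IN or TCP_OUT) with all whitespace removed,
# so "20,21, 25" and "20,21,25" compare equal.
csf_get_ports() {
    sed -n "s/^$2 *= *\"\([^\"]*\)\".*/\1/p" "$1" | tr -d ' \t'
}

# csf_set_ports FILE KEY LIST
# Rewrites KEY's quoted list. Writes via a temp file and renames, so a failed
# sed never leaves a truncated config behind. Fails if KEY is absent.
csf_set_ports() {
    grep -q "^$2 *=" "$1" || { echo "no $2 line in $1" >&2; return 1; }
    sed "s/^\($2 *= *\"\)[^\"]*\"/\1$3\"/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# csf_has_port FILE KEY PORT -> exit 0 if PORT is listed. Whole-token match,
# so looking for 80 does not match 8000 or 8001.
csf_has_port() {
    csf_get_ports "$1" "$2" | tr ',' '\n' | grep -qx "$3"
}

# csf_valid_port PORT -> exit 0 for an integer in 1..65535
csf_valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# csf_add_port FILE KEY PORT
# Appends PORT to KEY's list unless it is already there (safe to re-run).
csf_add_port() {
    csf_valid_port "$3" || { echo "invalid port: $3" >&2; return 2; }
    csf_has_port "$1" "$2" "$3" && return 0
    cur=$(csf_get_ports "$1" "$2")
    csf_set_ports "$1" "$2" "${cur:+$cur,}$3"
}

# csf_remove_port FILE KEY PORT
# Drops PORT from KEY's list: use this to close a port no service needs.
csf_remove_port() {
    csf_valid_port "$3" || { echo "invalid port: $3" >&2; return 2; }
    new=$(csf_get_ports "$1" "$2" | tr ',' '\n' | grep -vx "$3" | paste -sd, -)
    csf_set_ports "$1" "$2" "$new"
}

# Walk-through of the article's scenario: open 8001 in both directions.
# On a real server the file is /etc/csf/csf.conf and you would follow this
# with "service csf restart" so the firewall picks up the change.
csf_demo() {
    csf_add_port "$SAMPLE_CONF" TCP_IN  8001
    csf_add_port "$SAMPLE_CONF" TCP_OUT 8001
    echo "TCP_IN  = $(csf_get_ports "$SAMPLE_CONF" TCP_IN)"
    echo "TCP_OUT = $(csf_get_ports "$SAMPLE_CONF" TCP_OUT)"
}
```

Run `csf_demo` after sourcing the file to see the updated lists. Two design points matter for a firewall config: the match in `csf_has_port` is on whole tokens, because a substring test would report 80 as "already open" when only 8000 is listed; and `csf_set_ports` never edits the file in place, so an interrupted run cannot leave CSF with an empty or half-written port list on its next restart.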

Warnings

  • If you do start going crazy and adding open ports like they were going out of style, YOU WILL GET HACKED! So make sure that you don't make their job any easier. Just open what you need to, close what you don't.
  • Make sure you restart the firewall when you are done. Otherwise, any changes you made to the configuration file will not be recognized by the firewall.