Opening and closing ports in a firewall is a fundamental aspect of network security. Ports are virtual endpoints through which data flows in and out of a computer or network.
Opening a port in the firewall involves configuring the firewall rules to allow inbound traffic through a specific port number. This is necessary when running services or applications that require external access, such as web servers or email servers. However, it is crucial to carefully consider the security implications before opening a port, as it exposes the associated service to potential threats.
Closing a port in the firewall means blocking incoming connections to that specific port, effectively preventing access to any service running on that port. This action can be taken to enhance security, especially if a service is no longer required or if there are concerns about potential vulnerabilities.
Proper management of open and closed ports is essential for maintaining a secure network environment. By default, most ports are closed by the firewall and therefore inaccessible. Ports can be opened by editing the firewall configuration file. This guide details the process for opening and closing a port in APF or CSF. As opening ports requires root access, this option is only available on our VPS and dedicated server hosting.
APF
IMPORTANT: This solution will require root access. If this needs to be obtained, follow the guide on requesting root access.
- SSH into the server as root
- Open /etc/apf/conf.apf with your favorite text editor
  EXAMPLE: To use nano, type nano /etc/apf/conf.apf
  TIP: If the file does not exist, you are likely using CSF for your firewall software instead of APF.
- Find the line with IG_TCP_CPORTS that will look similar to this:
  IG_TCP_CPORTS="20,21,25,53,80,110,143,443,465,587,993,995,2079,2080,2082,2083,2086,2087,2095,2096,3306,30000_35000"
- Add a comma and then the port you would like opened
  EXAMPLE: If you wanted to open port 2201, you would update the previous line to this:
  IG_TCP_CPORTS="20,21,25,53,80,110,143,443,465,587,993,995,2079,2080,2082,2083,2086,2087,2095,2096,3306,30000_35000,2201"
  NOTE: The order of the ports does not matter. You can put it in sequential order if you want or at the end.
  TIP: To close a port, remove it from the list instead.
- Save the file
  TIP: With nano, you can save and close the file by pressing <Ctrl+X> to exit, followed by <Y> to save the changes.
- Restart APF with
  apf -r
CSF
IMPORTANT: This solution will require root access. If this needs to be obtained, follow the guide on requesting root access.
- SSH into the server as root
- Open /etc/csf/csf.conf with your favorite text editor
  EXAMPLE: To use nano, type nano /etc/csf/csf.conf
  TIP: If the file does not exist, you are likely using APF for your firewall software instead of CSF.
- Find the line starting with TCP_IN. It will look similar to this:
  TCP_IN = "20,21,25,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096,3306,8080,8443,587,30000:35000"
- Add a comma and then the port you would like opened
  EXAMPLE: If you wanted to open port 2206, it would look like this using the example above:
  TCP_IN = "20,21,25,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096,3306,8080,8443,587,30000:35000,2206"
  NOTE: The order of the ports does not matter. You can put it in sequential order if you want or at the end.
  TIP: To close a port, remove it from the list instead.
- Save the file
  TIP: With nano, you can save and close the file by pressing <Ctrl+X> to exit, followed by <Y> to save the changes.
- Restart CSF with
  csf -r
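The manual edit in both procedures above can also be scripted so that it keeps a backup, rejects invalid port numbers, and does not add a port that is already open. The following is an added example, not part of the original guide or of APF/CSF; the function names (get_ports, port_allowed, set_port, write_sample) and the sample lines are assumptions made for illustration.

```bash
# Added example: hypothetical helpers for the APF/CSF port lists above.
# get_ports FILE KEY: print the comma-separated list assigned to KEY.
get_ports() {
  sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# port_allowed FILE KEY PORT: succeed if PORT is listed or inside a range
# (APF writes ranges as 30000_35000, CSF as 30000:35000).
port_allowed() {
  local entry lo hi
  for entry in $(get_ports "$1" "$2" | tr ',' ' '); do
    case "$entry" in
      *[_:]*) lo=${entry%%[_:]*}; hi=${entry##*[_:]}
        if [ "$3" -ge "$lo" ] && [ "$3" -le "$hi" ]; then return 0; fi ;;
      *) if [ "$entry" = "$3" ]; then return 0; fi ;;
    esac
  done
  return 1
}

# set_port FILE KEY add|remove PORT: rewrite the list, keeping FILE.bak.
# Returns 2 on bad input, 3 if KEY is missing, 4 if a range still covers PORT.
set_port() {
  local file="$1" key="$2" action="$3" port="$4" entry new=""
  case "$port" in ''|*[!0-9]*) return 2 ;; esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then return 2; fi
  grep -q "^$key[[:space:]]*=" "$file" || return 3
  case "$action" in
    add)
      if port_allowed "$file" "$key" "$port"; then return 0; fi  # already open
      new="$(get_ports "$file" "$key"),$port" ;;
    remove)
      for entry in $(get_ports "$file" "$key" | tr ',' ' '); do
        [ "$entry" = "$port" ] || new="${new:+$new,}$entry"
      done ;;
    *) return 2 ;;
  esac
  new=${new#,}   # drops the leading comma when adding to an empty list
  cp -p "$file" "$file.bak"
  sed "s/^\($key[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$new\"/" "$file.bak" > "$file"
  if [ "$action" = remove ] && port_allowed "$file" "$key" "$port"; then return 4; fi
  return 0
}

# Constructed sample lines (not a real server's configuration).
write_sample() {
  printf '%s\n' 'IG_TCP_CPORTS="22,80,443,30000_35000"' > "$1.apf"
  printf '%s\n' 'TCP_IN = "22,80,443,30000:35000"' > "$1.csf"
}
```

On a server, the file and key are the ones from the steps above, for example set_port /etc/csf/csf.conf TCP_IN add 2206, followed by csf -r to apply the change. A return code of 4 from a remove means the port is still reachable through a listed range, which has to be narrowed by hand.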