It's time for help on server administration! This article describes how to open ports on the firewall of your Linux servers. This can be very useful as well as dangerous, so make sure you know which port you need to open. Hackers can use open ports to gain unauthorized access to your server, so be careful!
"Then why should I open ports at all?" Do you have a radio streaming program that you want to use on your website? Then you need to open a port for it to "listen" on. Otherwise, it won't work! Also remember that the same process lets you close ports or move them. Bots scanning commonly used standard ports will then find nothing but a closed door.
In this tutorial, I'll use CSF Firewall (ConfigServer Security & Firewall) as an example, a powerful yet easy-to-use firewall for Linux servers. In this example, you will open port 8001 for the radio broadcaster on your site.
Step 1. Log in via SSH to your server as Root user
[root@yourserver] ~ >>
Step 2. Change to the directory where the CSF configuration file is located
- [root@yourserver] ~ >> cd /etc/csf
- Press (Enter)
This is where CSF stores all of its files, not just the configuration file.
Step 3. Open the configuration file for editing
An editor like "Vim" will do as it looks nice and easy to use. It's okay if you are using a different editor, just remember that the commands for "Vim" are shown here.
- [root@yourserver] csf >> vim csf.conf
- Press (Enter)
There are many security settings in this file that you can customize for yourself, but I will not go into it here. You can read the comments in the file, which describe what each setting is responsible for.
- Once you open the file, you will see the "TCP_IN" and "TCP_OUT" sections. It will look like this:
Step 4. Open incoming TCP ports
TCP_IN = "20,21,1122,25,26,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,8000"
Step 5. Open outgoing TCP ports
TCP_OUT = "20,21,1122,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,8000"
All of these numbers are currently "open" ports. They may be different on your server, so don't panic! It all depends on your settings.
Step 6. Scroll down to the end of these lines where you will see the number 8000
This is where we add our port.
- 2095,2096,8000"
Since we are using "Vim", special commands are needed. Press [i] on your keyboard. This puts Vim into insert mode, and you can edit the content.
Step 7. Enter the port number
- 2095,2096,8000,8001"
Repeat the procedure for TCP_OUT as well
Step 8. When finished, hold down the (Ctrl) button on the keyboard and, without releasing it, press ([)
This will take you out of insert mode.
Step 9. Save and exit the file
Press (Shift) and (;) at the same time. A colon (:) should appear at the bottom with a blinking cursor.
Step 10. Enter letters (w) and (q) without spaces
This means write (save) and quit.
Step 11. Restart the firewall for the changes to take effect
- [root@yourserver] csf >> service csf restart
- Press (Enter)
You will see the following:
Step 12. Stop CSF
Step 13. Then (if you have something blacklisted or whitelisted), the IP addresses will fly across the screen
Do not worry! These are all the IP addresses that have been blacklisted or whitelisted being added to the firewall. This process will only take a few seconds (unless you have a huge list).
Step 14. When you see this, you're done!
- APF directory: [root@yourserver] ~ >> cd /etc/apf/ File name: conf.apf
- If you see a port you are not using, close it! You don't want to leave the door open for intruders!
- If you are using Advanced Policy Firewall (APF), this "Wiki How" will work for you. The APF configuration file is just in a different location.
- If you start to lose your temper and open all ports in a row, YOUR SERVER WILL BE HACKED! So make sure you don't make the job easier for attackers. Open only the ports you need and close the ones you are not using.
- Remember to restart your firewall when finished. Otherwise, the changes made in the configuration file will not take effect.
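The tip above about closing ports you are not using can be checked from the shell. The following is an added example, not part of the original article: it lists the ports that TCP_IN allows but that no service is listening on. The function names and the sample data are constructed for illustration, and it assumes listener output in the format printed by `ss -tlnH`.

```shell
#!/bin/sh
# Added example: find ports that csf.conf allows inbound but nothing listens on.

# Print the ports of one csf.conf list (e.g. TCP_IN), one per line.
# Ranges written as "low:high" are expanded; stray spaces are tolerated.
csf_ports() {  # usage: csf_ports KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\\(.*\\)\".*/\\1/p" "$2" |
    tr ',' '\n' | tr -d ' \t' |
    awk -F: 'NF==1 && $1 ~ /^[0-9]+$/ {print $1}
             NF==2 {for (p=$1; p<=$2; p++) print p}' | sort -n -u
}

# Read `ss -tlnH` style lines on stdin (column 4 is Local Address:Port)
# and print the listening port numbers, one per line.
listening_ports() {
    awk '{n = split($4, a, ":"); print a[n]}' | sort -n -u
}

# Ports allowed by KEY in FILE that have no listener in the ss output on stdin.
allowed_but_unused() {  # usage: allowed_but_unused KEY FILE < ss-output
    tmp=$(mktemp) || return 1
    listening_ports > "$tmp"
    csf_ports "$1" "$2" | grep -v -x -F -f "$tmp" | tr '\n' ' ' | sed 's/ $//'
    rm -f "$tmp"
}

# Constructed sample data (not taken from a real server).
SAMPLE_CONF='TCP_IN = "20, 21, 80, 443, 8000, 8001"
TCP_OUT = "20,21,80,443"'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 50 0.0.0.0:8001 0.0.0.0:*'

demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_CONF" > "$conf"
    printf '%s\n' "$SAMPLE_SS" | allowed_but_unused TCP_IN "$conf"
    rm -f "$conf"
}
demo   # on a real server: ss -tlnH | allowed_but_unused TCP_IN /etc/csf/csf.conf
```

A port reported here is a candidate for review rather than automatic removal, since some services only listen on demand.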