How to open ports in Linux on WEkEO Elasticity


A firewall is software or firmware that enforces a set of rules about which data packets are allowed to enter or leave a network. It manages the Allow and Deny rules for ports.

In this article we explain the commands which open ports on two Linux distributions, Ubuntu and CentOS. Each distro is configured with a different set of tools (firewall packages), but with the same results.

Tools that we will be using:

  • UFW

  • Firewalld

Ubuntu


This distribution comes with the UFW (Uncomplicated Firewall) service preinstalled by default. It simplifies the whole configuration and is user-friendly.

As the first step, install the ufw tool with the command:

$ sudo apt install ufw

Check the service status with the standard systemctl command:

$ sudo systemctl status ufw

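Enable UFW with the enable command. The default policy denies incoming connections, so if you are connected over SSH, make sure the SSH port is allowed before enabling (ufw warns that the command may disrupt existing SSH connections):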

$ sudo ufw enable

Syntax to open a specific TCP port:

$ sudo ufw allow (port)/tcp

For example:

$ sudo ufw allow 53/tcp

The syntax also supports names which refer to specific ports:

$ sudo ufw allow https

To allow incoming TCP and UDP packets on port 21, enter:

$ sudo ufw allow 21

Example for a specific IP address (replace (port) with the port number to open):

$ sudo ufw allow from 190.34.21.113 to any port (port)

Let’s check the configuration:

$ sudo ufw status verbose

The command displays a table with three columns:


Explanation:

  • To: describes the particular protocol

  • Action: tells us whether it is allowed or denied

  • From: gives the source, e.g. Anywhere or a single IP address like the one presented above
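A check over the three-column table described above, as an added example that is not part of the original article: it lists which ALLOW rules accept traffic from any source and which are limited to a source address. The sample status text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag UFW rules that accept traffic from any source.

# Constructed sample laid out like `ufw status verbose` output
# (To / Action / From); the rules shown are illustrative only.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
21                         ALLOW IN    Anywhere
22/tcp                     ALLOW IN    190.34.21.113
53/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Print the default policy for incoming traffic, e.g. "deny".
default_incoming() {
    awk '/^Default:/ { print $2 }'
}

# Print "To<TAB>From" for ALLOW rules; $1 selects "world" (source is
# Anywhere) or "restricted" (source is a specific address or subnet).
# Table columns are separated by runs of two or more spaces.
allow_rules() {
    awk -F'  +' -v want="$1" '
        /^--/ { in_table = 1; next }    # data rows follow the dashed line
        in_table && $2 ~ /^ALLOW/ {
            kind = ($3 ~ /^Anywhere/) ? "world" : "restricted"
            if (kind == want) print $1 "\t" $3
        }
    '
}

# Report on the sample; on a host, pipe `sudo ufw status verbose` instead.
echo "Default incoming policy: $(sample_status | default_incoming)"
echo "Open to any source:"
sample_status | allow_rules world
echo "Limited to a source address:"
sample_status | allow_rules restricted
```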

CentOS

Firewalld is a more advanced tool which uses zones in its configuration. Each zone is responsible for some area, or for one “attached” network interface.


Firewalld is a frontend controller for iptables, used to implement persistent network traffic rules.

Let’s take a look at a set of commands that come with firewalld.

Install firewalld with the command:

$ sudo yum install firewalld

Start the service with the standard systemctl command:

$ sudo systemctl start firewalld

Enable it:

$ sudo systemctl enable firewalld

The following command informs us about the state of the service. It displays one of two messages, “running” or “not running”:

$ sudo firewall-cmd --state

The default zone is public. In this short tutorial we will not be changing it, but if you would like to, use this command:

$ sudo firewall-cmd --set-default-zone=work

Let’s allow TCP traffic on port 1112:

$ sudo firewall-cmd --zone=public --add-port=1112/tcp --permanent

To get those changes applied instantly we have to reload the firewalld state:

$ sudo firewall-cmd --reload

We may obtain a readable overview of our new rule with the listing command.

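To allow an SSH connection from a specific IPv4 address we have to use the “rich rule” syntax. Without --permanent, as here, the rule is added only to the running configuration and is lost on the next reload: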

$ sudo firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.13.44" port port=22 protocol=tcp accept'

Firewalld is the default package on CentOS for managing incoming and outgoing traffic. If you prefer UFW, you may install that package too.