2024-12-05
8 min read

How to Close Specific Ports on Linux Systems

How to Close Specific Ports on Linux Systems

Closing specific ports on Linux is essential for system security and network management. Whether you need to block unauthorized access, stop unused services, or implement security policies, Linux provides several methods to close ports effectively.

Prerequisites

You'll need root or sudo privileges to modify firewall rules and manage services. Basic understanding of networking concepts and Linux command line is helpful.

Understanding Port States

Before closing ports, it's important to understand that "closing a port" can mean:

  1. Stopping the service that's listening on the port
  2. Blocking incoming connections to the port using a firewall
  3. Rejecting connections vs dropping packets silently

Method 1: Using iptables (Traditional Firewall)

The iptables command provides low-level firewall control. To block incoming connections to port 8080:

sudo iptables -A INPUT -p tcp --dport 8080 -j DROP

To block both TCP and UDP traffic on port 53:

sudo iptables -A INPUT -p tcp --dport 53 -j DROP
sudo iptables -A INPUT -p udp --dport 53 -j DROP

Block outgoing connections to a specific port:

sudo iptables -A OUTPUT -p tcp --dport 22 -j DROP

Save iptables rules (varies by distribution):

# Ubuntu/Debian
sudo iptables-save > /etc/iptables/rules.v4

# CentOS/RHEL
sudo service iptables save

Remove a rule (replace -A with -D):

sudo iptables -D INPUT -p tcp --dport 8080 -j DROP

Method 2: Using ufw (Uncomplicated Firewall)

UFW is a user-friendly interface to iptables, common on Ubuntu systems:

Block incoming connections to port 8080:

sudo ufw deny 8080

Block specific protocol on a port:

sudo ufw deny 8080/tcp
sudo ufw deny 53/udp

Block outgoing connections:

sudo ufw deny out 8080

Enable ufw if not already active:

sudo ufw enable

Check ufw status:

sudo ufw status verbose

Remove a rule:

sudo ufw delete deny 8080

Method 3: Using firewalld (CentOS/RHEL/Fedora)

Firewalld is the default firewall management tool on newer Red Hat-based systems:

Block a port:

sudo firewall-cmd --permanent --remove-port=8080/tcp
sudo firewall-cmd --reload

Block multiple ports:

sudo firewall-cmd --permanent --remove-port=8080-8090/tcp
sudo firewall-cmd --reload

Check current ports:

sudo firewall-cmd --list-ports

Block a service by name:

sudo firewall-cmd --permanent --remove-service=http
sudo firewall-cmd --reload

Method 4: Stopping Services on Ports

Sometimes it's better to stop the service using the port rather than blocking it:

Using systemctl (systemd systems):

# Stop a service
sudo systemctl stop apache2
sudo systemctl stop nginx
sudo systemctl stop ssh

# Disable service from starting at boot
sudo systemctl disable apache2

Check what's running on a port:

sudo netstat -tlnp | grep :8080
sudo lsof -i :8080

Kill process by port:

sudo kill $(sudo lsof -t -i:8080)

Advanced Port Blocking Techniques

Block port for specific IP addresses only:

# iptables: Block port 22 from specific IP
sudo iptables -A INPUT -s 192.168.1.100 -p tcp --dport 22 -j DROP

# ufw: Block SSH from specific IP
sudo ufw deny from 192.168.1.100 to any port 22

Block port ranges:

# iptables: Block ports 8000-9000
sudo iptables -A INPUT -p tcp --dport 8000:9000 -j DROP

# ufw: Block port range
sudo ufw deny 8000:9000/tcp

Temporarily block a port (iptables only):

# Block for 1 hour using at command
echo "sudo iptables -D INPUT -p tcp --dport 8080 -j DROP" | at now + 1 hour
sudo iptables -A INPUT -p tcp --dport 8080 -j DROP

Verifying Port Status

Check if a port is closed:

# From the same machine
telnet localhost 8080

# From another machine
nmap -p 8080 target_ip_address

# Using netcat
nc -zv localhost 8080

Monitor blocked connections:

# Monitor iptables logs
sudo tail -f /var/log/kern.log | grep DROP

# For ufw
sudo tail -f /var/log/ufw.log

Creating Port Blocking Scripts

Script to block common vulnerable ports:

#!/bin/bash
# Block commonly attacked ports

PORTS=(23 135 139 445 1433 3389 5900)

for port in "${PORTS[@]}"; do
    echo "Blocking port $port"
    sudo iptables -A INPUT -p tcp --dport $port -j DROP
    sudo iptables -A INPUT -p udp --dport $port -j DROP
done

echo "Saving iptables rules..."
sudo iptables-save > /etc/iptables/rules.v4
echo "Vulnerable ports blocked successfully"

Interactive port blocking script:

#!/bin/bash
block_port() {
    echo "Enter port number to block:"
    read port

    echo "Select protocol:"
    echo "1) TCP"
    echo "2) UDP"
    echo "3) Both"
    read protocol

    case $protocol in
        1) sudo ufw deny $port/tcp ;;
        2) sudo ufw deny $port/udp ;;
        3) sudo ufw deny $port ;;
        *) echo "Invalid option" ;;
    esac

    echo "Port $port blocked successfully"
}

Security Best Practices

Default deny policy:

# iptables: Set default policy to drop
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

# Allow established connections
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow loopback
sudo iptables -A INPUT -i lo -j ACCEPT

Whitelist essential services:

# Allow SSH (change port if needed)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP/HTTPS
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Troubleshooting Common Issues

Problem: Can't access service after blocking port
Solution: Check if you blocked the wrong port or protocol:

sudo ufw status numbered
sudo ufw delete [rule_number]

Problem: Rules not persisting after reboot
Solution: Ensure rules are saved properly:

# Ubuntu with iptables-persistent
sudo apt install iptables-persistent
sudo netfilter-persistent save

# Manual save/restore in startup scripts
sudo iptables-save > /etc/iptables.rules

Problem: Service still accessible after blocking
Solution: Check if service is listening on multiple interfaces:

sudo netstat -tlnp | grep :8080
sudo ss -tlnp | grep :8080

Monitoring and Logging

Enable logging for dropped packets:

# iptables with logging
sudo iptables -A INPUT -p tcp --dport 8080 -j LOG --log-prefix "DROPPED PORT 8080: "
sudo iptables -A INPUT -p tcp --dport 8080 -j DROP

# ufw logging
sudo ufw logging on

Monitor real-time connections:

# Watch connections to specific port
watch 'netstat -tlnp | grep :8080'

# Monitor firewall logs
sudo tail -f /var/log/ufw.log

Next Steps

Now that you can close specific ports on Linux, consider learning about:

  • Advanced iptables rules and chains
  • Setting up VPN access for remote management
  • Implementing fail2ban for automated blocking
  • Network monitoring and intrusion detection
  • Port scanning and security auditing tools
Published: 2024-12-05|Last updated: 2024-12-05T10:00:00Z

Found an issue?