
How to open ports in Linux?

Let's start with the definition of a firewall, which is needed to understand the "port vocabulary". A firewall is software or firmware that enforces a set of rules about which data packets are allowed to enter or leave a network. It is in charge of managing Allow and Deny rules for ports.

In line with the topic of this guide, we want to open ports on Linux distributions such as Ubuntu or CentOS. The two distros are configured with different sets of tools (firewall packages) but with the same results.


Tools that we will be using:

    • UFW

    • Firewalld


Let’s have a look at the Ubuntu scenario first:



This distribution ships with the UFW (Uncomplicated Firewall) service preinstalled by default. It simplifies the whole configuration and is user-friendly.

As a first step, install the ufw tool:

$ sudo apt install ufw


Check the service status with the standard systemctl command:

$ sudo systemctl status ufw 


Enable UFW with the enable command:

$ sudo ufw enable


Syntax to open a specific TCP port:

$ sudo ufw allow (port)/tcp


For example:

$ sudo ufw allow 53/tcp


The syntax also supports service names that refer to specific ports:

$ sudo ufw allow https


To allow incoming TCP and UDP packets on port 21, enter:

$ sudo ufw allow 21


Example for a specific IP address:

$ sudo ufw allow from (ip-address) to any port (port)


Let’s check the configuration:

$ sudo ufw status verbose


The command displays a table with three columns:


    • To – the port and protocol the rule applies to

    • Action – whether the traffic is allowed or denied

    • From – the source, e.g. Anywhere or a single IP address as shown above
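
An added example (not part of the original article): a small shell filter that reads the To / Action / From table printed by `ufw status verbose` and separates rules open to any source from rules limited to one address. The sample output and the address 203.0.113.10 are constructed, and the function names `sample_status` and `ufw_allow_rules` are hypothetical.

```shell
#!/bin/sh
# Added example: review which UFW ALLOW rules accept traffic from any source.
# Input is the text printed by `sudo ufw status verbose`.

# Constructed sample output, so the script runs offline without ufw installed.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
21                         ALLOW IN    Anywhere
22/tcp                     ALLOW IN    203.0.113.10
53/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# ufw_allow_rules open|restricted
# Prints "<To> <- <From>" for ALLOW rules of the requested kind.
# Columns are separated by two or more spaces; everything up to and
# including the "--" ruler line is header text and is skipped.
ufw_allow_rules() {
    awk -F'  +' -v want="$1" '
        $1 == "--" { in_table = 1; next }
        !in_table || NF < 3 || $2 !~ /^ALLOW/ { next }
        { kind = ($3 ~ /^Anywhere/) ? "open" : "restricted" }
        kind == want { print $1 " <- " $3 }
    '
}

# On a live host: sudo ufw status verbose | ufw_allow_rules open
echo "Open to any source:"
sample_status | ufw_allow_rules open
echo "Limited to a source address:"
sample_status | ufw_allow_rules restricted
```

Each port listed under "Open to any source" is a candidate for the `allow from ... to any port ...` form shown earlier, if only known hosts need to reach it.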


Now for CentOS:


Firewalld is a more advanced tool that uses zones in its configuration. Each zone is responsible for a particular area, or for one “attached” network interface.


Firewalld is a frontend controller for iptables, used to implement persistent network traffic rules.

Let’s take a look at a handful of commands for working with firewalld.

Install firewalld:

$ sudo yum install firewalld


Start the service with the standard systemctl command:

$ sudo systemctl start firewalld


Enable it:

$ sudo systemctl enable firewalld


This command reports the state of the service. It displays one of only two states: “running” or “not running”.

$ sudo firewall-cmd --state


The default zone is public. In this short tutorial we will not change it, but if you would like to, use this command:

$ sudo firewall-cmd --set-default-zone=work


Let’s allow TCP traffic on port 1112:

$ sudo firewall-cmd --zone=public --add-port=1112/tcp --permanent


To get those changes applied instantly, we have to reload the firewalld state:

$ sudo firewall-cmd --reload


We can get a readable overview of our new rule with the listing command:



To allow an SSH connection from a specific IPv4 address, we have to use the “rich rule” syntax:

$ sudo firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="(ip-address)" port port=22 protocol=tcp accept'

That’s the quick tutorial for firewalld.


Firewalld is the default package on CentOS for managing incoming and outgoing traffic. If UFW seems preferable to you, you may install it too.