How to Check, Open, and Close a Port on Ubuntu

In this tutorial we’ll learn how to check for listening ports using several tools, and how to manage ports by allowing or disallowing incoming and outgoing connections.

Ports in Ubuntu

What is a port? In simple words, it is a door to a program running on your operating system. More formally, it is an application-specific or process-specific software construct used as a numeric identifier for a particular connection between two applications.

A port number is a 16-bit unsigned integer ranging from 0 to 65535. Applications listen on ports so that they can be reached from the outside.

On a well-known distribution such as Ubuntu, there are multiple tools and features for checking, closing, and opening ports.

As an alert Linux user, you should know how to probe for open ports on your system, which ones are open by default, and how to close open ports and allow exceptions. Otherwise you risk security holes and system vulnerabilities, not to mention connections that consume bandwidth and resources.

Check common ports:

Port Name    Port Number/Protocol    Alias
ftp          21/tcp                  -
ssh          22/tcp                  -
smtp         25/tcp                  mail
domain       53/tcp                  nameserver
domain       53/udp                  nameserver
http         80/tcp                  www www-http
https        443/tcp                 -
pop3         110/tcp                 pop-3

How to Inspect Listening Ports

Before opening or closing any ports, you need to know which ports are open on your system. To do that, we can use various command-line utilities, either built in or installed separately.

Fire up your machine, open the terminal, then type the next command to list the well-known services and the ports assigned to them. Note that /etc/services is a static name-to-port mapping; it does not show which services are actually running.

less /etc/services
Output
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
time 37/udp timserver
whois 43/tcp nicname

When you want to quit less, hit the q key.

Suppose we want to check for specific ports (80, 443 and 22). Use the grep tool like so:

grep -we 80 -we 22 -we 443 /etc/services
Output
ssh 22/tcp # SSH Remote Login Protocol
http 80/tcp www # WorldWideWeb HTTP
https 443/tcp # http protocol over TLS/SSL
https 443/udp # HTTP/3

Next is netstat, a well-known utility for inspecting listening ports and socket information. It has many options, but the following is enough here (-l listening sockets only, -n numeric addresses and ports, -t TCP, -u UDP):

netstat -lntu

We can also use the ss tool, which is very similar to netstat and accepts the same options:

ss -lntu

lsof is a command-line utility for listing open files, but it can also show which process is listening on a specific port, or list the sockets of a given protocol:

lsof -i :80
lsof -i udp

Now to one of the major tools in the port scanning field: Nmap. It can be used in a variety of ways, but we will only look at the following example:

nmap localhost

Note that the utilities above only display a port if a service or process is actually listening on it for incoming connections (that is, if the port is in use). Keep in mind that this does not mean the listening service is reachable from the internet, since the firewall could be blocking incoming connections to that port.
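A listener bound only to a loopback address cannot be reached from the network at all, so the sockets worth checking against the firewall are the ones bound to other addresses. The following added example (not part of the original tutorial) filters `ss -lntu` output down to those sockets; the sample output is constructed and the helper name exposed_listeners is hypothetical.

```shell
#!/bin/sh
# Added example: list listening sockets that are bound to a non-loopback
# address, i.e. the ones a firewall rule actually has to cover.

# Constructed sample of `ss -lntu` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:8080     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      511    [::1]:6379         [::]:*
EOF
}

# exposed_listeners (hypothetical helper): reads `ss -lntu` output on stdin
# and prints "proto/port address" for each socket not bound to loopback.
exposed_listeners() {
  awk 'NR > 1 {
    port = $5; sub(/.*:/, "", port)        # text after the last colon
    addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
    sub(/%.*/, "", addr)                   # drop interface suffix such as %lo
    gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # drop IPv6 brackets
    if (addr ~ /^127\./ || addr == "::1") next   # reachable only locally
    print $1 "/" port, addr
  }'
}

# On a real host: ss -lntu | exposed_listeners
sample_ss_output | exposed_listeners
```

Each line it prints is a port that stays reachable from other machines unless a firewall rule blocks it.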

How to Open Ports

Generally, to open or close ports on Ubuntu we use the ufw command (Uncomplicated Firewall), which is a frontend for iptables. Before managing our ports, we check the ufw status by running the following command:

sudo ufw status verbose
Output
Status: inactive

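Enable your firewall like so. If you are connected over SSH, add the exception for port 22 (shown further down) before enabling the firewall, or the default deny policy for incoming connections may cut off your session.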

sudo ufw enable
Output
Firewall is active and enabled on system startup

Run the status command again:

sudo ufw status verbose
Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

As you can see, our firewall is denying incoming connections. So if we want to add an exception (22/tcp), we run the following command:

sudo ufw allow 22/tcp
Output
Rule added
Rule added (v6)

Check if our firewall is indeed making an exception for port 22:

sudo ufw status verbose
Output
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)

In the event that we want to allow a specific IP address to connect to port 22:

sudo ufw allow from 40.200.14.5 to any port 22
Output
Rule added

We could use the same previous command for a subnet of IP addresses:

sudo ufw allow from 40.200.14.0/24 to any port 22
Output
Rule added

So far we have managed incoming connections; to allow outgoing connections we use the out option:

sudo ufw allow out 22/tcp
Output
Rule added
Rule added (v6)

Let’s look at the iptables equivalents for opening ports. First, let’s make an exception for incoming connections to port 80:

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT

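The second command makes an exception in the outgoing direction. Note that --sport 80 matches packets whose source port is 80, that is, traffic sent from a local service on port 80; a rule for connections going out to a remote port 80 would match on --dport 80 instead: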

sudo iptables -I OUTPUT -p tcp --sport 80 -j ACCEPT

How to Close Ports

As with opening ports, there are numerous commands for closing them once you discover an open port that should be closed. The easiest way, as before, is ufw.

Let’s start by blocking port 22:

sudo ufw deny 22
Output
Rule added
Rule added (v6)

We could use the reject keyword instead:

sudo ufw reject 22

Note that the reject and deny options achieve similar results; the key difference is that reject informs the sender, via an error packet, that the connection was rejected.

As before, if we want to block outgoing connections, we use the following command:

sudo ufw deny out 22
Output
Rule added
Rule added (v6)

Let’s try iptables to block incoming connections:

sudo iptables -A INPUT -p tcp --dport 80 -j DROP

Just like ufw’s deny, the DROP target blocks connections without sending back an error packet.

sudo iptables -A INPUT -p tcp --dport 80 -j REJECT

The REJECT target informs the sender that their request has been rejected.
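iptables walks a chain from top to bottom and stops at the first terminating match, so a DROP appended with -A has no effect if the ACCEPT for port 80 inserted earlier with -I is still at the top of the chain. The following added example (not part of the original tutorial) checks an `iptables -S` listing for rules shadowed in this way; the listing is constructed and the helper name shadowed_rules is hypothetical.

```shell
#!/bin/sh
# Added example: find iptables rules that can never match because an earlier
# rule with the same match already ended processing (first match wins).

# Constructed `iptables -S INPUT` listing, as it would look after running
#   iptables -I INPUT -p tcp --dport 80 -j ACCEPT   (inserted at the top)
#   iptables -A INPUT -p tcp --dport 80 -j DROP     (appended at the bottom)
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
EOF
}

# shadowed_rules (hypothetical helper): reads `iptables -S` output on stdin.
# Simplification: two rules "match the same traffic" only when their match
# text is identical; overlapping but different matches are not detected.
shadowed_rules() {
  awk '$1 == "-A" {
    chain = $2; spec = ""; target = ""
    for (i = 3; i <= NF; i++) {
      if ($i == "-j") { target = $(i + 1); break }
      spec = spec " " $i
    }
    key = chain spec
    if (key in winner) {
      print key " -j " target " (shadowed by earlier " winner[key] ")"
    } else if (target ~ /^(ACCEPT|DROP|REJECT)$/) {
      winner[key] = target      # terminating target: later duplicates are dead
    }
  }'
}

# On a real host: sudo iptables -S | shadowed_rules
sample_rules | shadowed_rules
```

To make the block effective, delete the earlier exception (sudo iptables -D INPUT -p tcp --dport 80 -j ACCEPT) or insert the DROP with -I so that it is evaluated first.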

To block outgoing traffic for a specific port, we use the following. Here --sport 80 matches outgoing packets whose source port is 80:

sudo iptables -A OUTPUT -p tcp --sport 80 -j DROP

Bonus: in case you messed around with your firewall (adding and dropping a whole lot of exceptions), do not worry; just run the command below to start over. Note that reset also disables the firewall, so run sudo ufw enable again afterwards.

sudo ufw reset
Output
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20220503_211753'
Backing up 'before.rules' to '/etc/ufw/before.rules.20220503_211753'
Backing up 'after.rules' to '/etc/ufw/after.rules.20220503_211753'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20220503_211753'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20220503_211753'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20220503_211753'

Conclusion

In this how-to article we learned how to check which ports are used by our services and programs, testing several utilities and commands along the way. We also learned how to manage ports with ufw and iptables by adding allow exceptions and deny/reject rules, and how to apply them in different scenarios.
