Time for some server maintenance! In this article we will show you how to open ports on your Linux server's firewall. This can be very useful, but also dangerous, so make sure you know which port you are going to open. Hackers can use these ports to break into your computer, so be careful! "Why then should I ever open ports?" The explanation is simple: do you want to run a streaming radio program on your website? Then you will have to open ports and listen on them, otherwise it will not work! The steps necessary to open ports are the same ones to follow to close them or to move the open ports. In this way the bot programs that scan the network for open ports among the most commonly used ones will not find any on your computer. In this tutorial, we will use CSF Firewall (ConfigServer Security & Firewall), a powerful and easy to use Linux server firewall. In this example we will open port 8001.
Steps
Step 1. Log in to your server via SSH as root:
[root@yourserver] ~ >>
Step 2. Navigate to the folder where the CSF configuration file is located:
- [root@yourserver] ~ >> cd /etc/csf
Hit enter.
Note:
This is the folder where CSF keeps all files, not just the configuration file.
Step 3. Open the configuration file so you can edit it, using an editor such as “Vim”.
You can of course use another editor, but in this article we will only show the “Vim” commands.
- [root@yourserver] csf >> vim csf.conf
Hit enter.
Note:
This file contains many security settings that you can change as needed, but which will not be covered in this article. To find out what each setting does, read the comments in the file.
- Once you open the file, you will see the "TCP_IN" and "TCP_OUT" sections, similar to this:
Step 4. Allow inbound TCP traffic
TCP_IN = "20,21,1122,25,26,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,8000"
Step 5. Allow outbound TCP traffic
TCP_OUT = "20,21,1122,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,8000"
All of these numbers are the currently “open” ports on your server. Your file will most likely be different, but don't be scared! It depends on how the server is configured.
Step 6. Scroll down until you see the number 8000; this is where we are going to add our port
2095,2096,8000"
Vim needs some special commands here. Press on your keyboard; this will enter Vim's "Insert" mode, so you can add text.
Step 7. Enter the port number:
2095,2096,8000,8001"
Do the same for the TCP_OUT section.
Step 8. When done, hold down the (Ctrl) key on your keyboard and press the left bracket button ([)
This will take you out of Vim's "insert" mode.
Step 9. Save and exit the file
Hold down the (Shift) key and press (;). At the bottom, a colon (:) and a blinking cursor should appear.
Step 10. Type the letters (w) and (q), without spaces
These letters stand for "write" and "quit".
Step 11. Restart the firewall to apply the changes
- [root@yourserver] csf >> service csf restart
Hit enter.
You will see this:
Step 12. Stopping CSF
Step 13. After that, you will see a bunch of IP addresses appear on the screen if they are blacklisted or whitelisted
Do not worry! These are all IPs that have been blacklisted or whitelisted and are put back into the firewall. It will only take five seconds (unless the list is really long).
Step 14. After that, you are done
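The edit made by hand in the steps above can also be scripted so that it is validated, repeatable and backed up. The following is an added example, not part of the original article or of CSF itself; the function name csf_add_port is made up for illustration, and it assumes the port list sits on one line in double quotes, as shown in the TCP_IN and TCP_OUT lines above.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): add one port to a CSF
# port list such as TCP_IN or TCP_OUT without hand-editing the file.

csf_add_port() {
    local conf="$1" key="$2" port="$3" line list

    # The setting name is used inside a regex, so allow only A-Z, 0-9 and _.
    case $key in ''|*[!A-Z0-9_]*) echo "bad setting name: $key" >&2; return 2 ;; esac

    # Accept only a decimal port in 1-65535 (no leading zero, max 5 digits).
    case $port in ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;; esac
    if [ "$port" -gt 65535 ]; then echo "bad port: $port" >&2; return 2; fi

    # Locate the line that sets the list, e.g. TCP_IN = "20,21,80".
    line=$(grep -E "^${key}[[:space:]]*=[[:space:]]*\"[^\"]*\"" "$conf") || {
        echo "$key not found in $conf" >&2; return 1; }

    # Take the text between the quotes and drop any spaces in it.
    list=$(printf '%s\n' "$line" | head -n 1 |
           sed -E 's/^[^"]*"([^"]*)".*/\1/; s/[[:space:]]//g')

    # Exact-match test: with commas on both sides, 800 does not match 8000.
    case ",$list," in *",$port,"*) return 0 ;; esac

    # Keep a backup, then rewrite the original in place so that its owner
    # and permissions stay as they were.
    cp -p "$conf" "$conf.bak" || return 1
    sed -E "s/^(${key}[[:space:]]*=[[:space:]]*\")[^\"]*\"/\1${list:+$list,}${port}\"/" \
        "$conf.bak" > "$conf"
}

# Usage on the server, as root, followed by the restart from the steps above:
#   csf_add_port /etc/csf/csf.conf TCP_IN 8001
#   csf_add_port /etc/csf/csf.conf TCP_OUT 8001
#   service csf restart
```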
Advice
- APF Directory: [root@yourserver] ~ >> cd /etc/apf/ Filename: conf.apf
- If you see an open port that you don't use, close it! Don't leave ports open for hackers!
- If you are using APF Firewall (Advanced Policy Firewall), you can follow this guide anyway. Just note that the APF Firewall configuration file is located in a different folder.
Warnings
- If you start opening ports indiscriminately, YOUR SERVER WILL BE HACKED! So make sure you don't make it easier for the bad guys. Only open the ports you use and close the ones you don't use.
- Restart your computer when done. Otherwise, any changes made to the configuration file will not be recognized by the firewall.