Hello there!
I recently did some research on how to add the port 8080/tcp on my system and list all the active ports in a text file called "zones.txt". I use a Linux Mint 20.1 XFCE system and I came across the apt package named Uncomplicated Firewall. This package allows you to open ports on your system and makes them ready for use using ssh.
Here is a screenshot on how to progress with the procedures.
I am also attaching my GitHub gist, which provides a detailed explanation of how to implement this on your system.
Task: Add port "8080/tcp", verify by listing the ports that are currently listening or active, and append the output to "zones.txt".
Assigned by: GNU/Linux Users' Group, NIT DURGAPUR.
A correctly functioning firewall is the most crucial part of the complete Linux system security. By default, Debian and Ubuntu distributions come with a firewall configuration tool called UFW (Uncomplicated Firewall), a popular and easy-to-use command-line tool for configuring and managing a firewall on Ubuntu and Debian distributions.
To get started with Uncomplicated Firewall, make sure you are logged into your Ubuntu or Debian server as a sudo user or with the root account.
┌─[ritabrata@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[~]
└──╼ $sudo su
[sudo] password for ritabrata:
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #
UFW is usually pre-installed on Debian and Ubuntu distributions. In case you don't have UFW installed, install it using the APT package manager.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo apt-get install ufw
Once the installation is completed you can check the status of UFW.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #ufw status
On first install, the UFW firewall is disabled by default, so the output will be similar to the one below.
Status: inactive
You can activate or enable the UFW firewall using the following command, which loads the firewall and enables it to start on boot.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw enable
You will get an output like below.
Firewall is active and enabled on system startup
To disable UFW firewall, use the following command, which unloads the firewall and disables it from starting on boot.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw disable
It will give the following output.
Firewall is inactive and disabled on system startup
By default, the UFW firewall denies all incoming connections and allows all outbound connections. This means no one can access your server unless you specifically open a port, while all the running services or applications on your server can still access the outside network.
The default UFW firewall policies are placed in the /etc/default/ufw file and can be altered using the following commands.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw default deny incoming
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw default allow outgoing
When you install a software package using the APT package manager, it can include an application profile in the /etc/ufw/applications.d directory that defines the service and holds its UFW settings.
You can list all available application profiles on your server using the following command.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw app list
Depending upon software package installations on your system the output will look similar to the following:
Available applications:
CUPS
Nginx Full
Nginx HTTP
Nginx HTTPS
If you want to get more information about a particular profile and defined rules you can use the following command.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw app info 'Nginx Full'
Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server
Ports:
80,443/tcp
If you’ve enabled the UFW firewall by now, it will block all incoming connections, and if you are connected to your server over SSH from a remote location, you will no longer be able to connect to it again.
Let’s enable SSH connections to our server to stop that from happening, and then open port 8080/tcp, using the following commands:
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw allow ssh
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw allow 8080/tcp
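To block connections on a port, use deny instead of allow. The following command blocks port 8080/tcp; the same form with ssh in place of the port blocks all SSH connections.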
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #sudo ufw deny 8080/tcp
You can also open a specific port in the firewall to allow connections through it to a certain service, like 8080/tcp (HTTPS). The rules currently in effect can be checked with ufw status.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #ufw status
Status: active
To Action From
-- ------ ----
8080/tcp ALLOW Anywhere
8080 ALLOW Anywhere
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
CUPS ALLOW Anywhere
8080/tcp (v6) ALLOW Anywhere (v6)
8080 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
CUPS (v6) ALLOW Anywhere (v6)
The active ports can be listed using the netstat command. Before assigning any action on the port 8080/tcp the command gives the following output.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #netstat -lntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
udp 0 0 0.0.0.0:55684 0.0.0.0:*
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 192.168.43.214:123 0.0.0.0:*
udp 0 0 127.0.0.1:123 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp6 0 0 :::47429 :::*
udp6 0 0 fe80::ae80:63de:c62:123 :::*
udp6 0 0 2409:4060:e81:12e0::123 :::*
udp6 0 0 2409:4060:e81:12e0::123 :::*
udp6 0 0 ::1:123 :::*
udp6 0 0 :::123 :::*
udp6 0 0 :::5353 :::*
Let us assign a task to the port 8080/tcp by starting a netcat listener on it.
┌─[root@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[/home/ritabrata]
└──╼ #ls | nc -l -p 8080
Now view the active ports on your system, and you will get the following:
┌─[ritabrata@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[~]
└──╼ $netstat -lntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
udp 0 0 0.0.0.0:55684 0.0.0.0:*
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 192.168.43.214:123 0.0.0.0:*
udp 0 0 127.0.0.1:123 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp6 0 0 :::47429 :::*
udp6 0 0 fe80::ae80:63de:c62:123 :::*
udp6 0 0 2409:4060:e81:12e0::123 :::*
udp6 0 0 2409:4060:e81:12e0::123 :::*
udp6 0 0 ::1:123 :::*
udp6 0 0 :::123 :::*
udp6 0 0 :::5353 :::*
To append the active ports to "zones.txt", use the following command, and view the file in your text editor. (I use the Sublime Text editor.)
┌─[ritabrata@ritabrata-VivoBook-ASUSLaptop-X409JB-X409JB]─[~]
└──╼ $netstat -lntu >> zones.txt
Now go to the path where you have saved the "zones.txt" file, and you will get the list of all the active ports on your system.
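The two listings above answer different questions: ufw status shows which ports the firewall lets through, while netstat shows which ports a program is actually listening on. The script below is an added example, not part of the original post or of UFW itself; it compares the two and reports allowed ports with no listener and exposed listeners with no allow rule. The sample inputs are constructed (port 5000 is invented for illustration), the function names are hypothetical, and application-profile rules such as CUPS are skipped.

```shell
#!/bin/sh
# Added example: cross-check firewall rules against listening sockets.
# Sample inputs are constructed, modelled on the outputs shown in this post.
UFW_SAMPLE='Status: active
To                         Action      From
--                         ------      ----
8080/tcp                   ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
CUPS                       ALLOW       Anywhere
8080/tcp (v6)              ALLOW       Anywhere (v6)'
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.53:53    0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:631    0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:5000     0.0.0.0:*        LISTEN
tcp6       0      0 :::80            :::*             LISTEN
tcp6       0      0 ::1:631          :::*             LISTEN
udp        0      0 0.0.0.0:5353     0.0.0.0:*'

# TCP ports with a numeric ALLOW rule; a rule without /proto covers tcp too.
allowed_tcp() {
  printf '%s\n' "$1" | awk '
    $2 == "ALLOW" || ($2 == "(v6)" && $3 == "ALLOW") {
      split($1, r, "/")
      if (r[1] ~ /^[0-9]+$/ && (r[2] == "tcp" || r[2] == "")) print r[1]
    }' | sort -un
}

# TCP ports in LISTEN state on a non-loopback address (reachable from outside).
exposed_tcp() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, f, ":"); port = f[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr !~ /^127\./ && addr != "::1") print port
    }' | sort -un
}

# $1 = "ufw status" text, $2 = "netstat -lntu" text.
# Assumes the default policy "deny incoming" described above.
audit() {
  allowed=$(allowed_tcp "$1"); listening=$(exposed_tcp "$2")
  for p in $allowed; do
    printf '%s\n' "$listening" | grep -qx "$p" || echo "allowed-but-idle $p"
  done
  for p in $listening; do
    printf '%s\n' "$allowed" | grep -qx "$p" || echo "listening-but-filtered $p"
  done
}

audit "$UFW_SAMPLE" "$NETSTAT_SAMPLE"
```

On a live system, pass the real outputs instead of the samples: `audit "$(sudo ufw status)" "$(netstat -lntu)"`. An allowed-but-idle port is a rule worth removing once the service behind it is gone.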