---
title: Open/Close ports on Iptables - Linux
---

# Open/Close ports on Iptables - Linux

Iptables is a user-space utility that lets a system administrator configure the tables provided by the Linux kernel firewall (netfilter) and the chains and rules they hold. Iptables almost always comes pre-installed on Linux distributions. A properly configured firewall is an important part of the overall security of your server. In this article we share the steps to open and close ports in the iptables firewall on Ubuntu and CentOS.

## Prerequisite

Sudo access to an Ubuntu or CentOS server with iptables installed.

## Step 1 : List the current Iptables rules

Connect to your server with sudo access and list the rules currently configured in iptables with the command below. Adding `-n` skips reverse DNS and service-name lookups so addresses and ports are shown numerically, and `--line-numbers` shows each rule's position in its chain; the position matters because iptables evaluates rules in order and the first match wins.

```bash
sudo iptables -L
sudo iptables -L -n -v --line-numbers
```

The output lists all the rules that are currently configured. Note the `policy DROP` on the INPUT chain: any incoming packet not accepted by an explicit rule is dropped. The two `ACCEPT all` rules with no match shown are typically interface matches (for example the loopback interface), which `iptables -L` only displays with `-v`.

```bash
root@e2e:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:1167
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:zabbix-agent

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@e2e:~#
```

## Step 2 : Backup the Iptables

Before adding rules, take a backup of the current rule set. If a configuration change causes problems, the rules can be restored from this backup (see Step 6).
Use the command below to save the current rules to a file:

```bash
sudo iptables-save > IPtablesbackup.txt
```

## Step 3 : Add/Remove an Iptable rule

Once we know which rules are currently configured, we can open a port in iptables by adding a rule with the command below.

```bash
sudo iptables -A INPUT -p tcp --dport xxxx -j ACCEPT
```

:::info Note
Replace xxxx with the port number you wish to open.
:::

`-A` appends the rule to the end of the INPUT chain. That works with the rule set shown in Step 1 because the chain ends with the DROP policy, but if your INPUT chain ends with an explicit `REJECT` or `DROP` rule, an appended ACCEPT is never reached; use `-I INPUT` (insert at the top) or `-I INPUT <n>` (insert at position n, as shown by `--line-numbers`) to place it before that rule.

For example, to open the Tomcat port 8080, run:

```bash
sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
```

This tells iptables to accept connections to Tomcat from any source address. You can verify it with `iptables -L` as in Step 1:

```bash
root@:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:1167
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:zabbix-agent
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:tomcat

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@:~#
```

If you wish to remove the rule that was just added, delete it with `-D` and the same match specification that was used to add it:

```bash
sudo iptables -D INPUT -p tcp --dport xxxx -j ACCEPT
```

Appending a `DROP` rule for the port instead would not close it: the earlier ACCEPT rule still matches first, so the DROP is never reached.

If you do not wish to open the port publicly, you can open it for a single source IP only. The `-s` option matches the source address of incoming packets, that is, the client that should be allowed to connect:

```bash
sudo iptables -A INPUT -p tcp -s client_ip --dport xxxx -j ACCEPT
```

:::info Note
Replace client_ip with the IP address (or CIDR range, for example 203.0.113.0/24) of the host that should be allowed to connect, and replace xxxx with the required port.
:::

## Step 4 : Block Outbound Port

If you wish to block outbound connections to a port, append a DROP rule to the OUTPUT chain with the command below.
```bash
sudo iptables -A OUTPUT -p tcp --dport xxxx -j DROP
```

To block outbound connections on that port to a specific destination IP only, use `-d`, which matches the packet's destination address:

```bash
sudo iptables -A OUTPUT -p tcp -d destination_ip --dport xxxx -j DROP
```

:::info Note
Replace destination_ip with the IP address to block and xxxx with the required port.
:::

Because the OUTPUT chain has `policy ACCEPT`, a DROP rule appended to it takes effect immediately. Remove it again with the same specification, using `-D` in place of `-A`.

## Step 5 : Save the Iptable Rule

Rules added with the `iptables` command live only in kernel memory and are lost on reboot. Once you have added the rules, save them to make them permanent. On Ubuntu use iptables-persistent (netfilter-persistent on newer releases); on CentOS use the iptables service's save command.

On Ubuntu 14.04 use the following commands to save/reload the iptables rules:

```bash
sudo /etc/init.d/iptables-persistent save
sudo /etc/init.d/iptables-persistent reload
```

On Ubuntu 16.04 and Ubuntu 18.04 use the following commands:

```bash
sudo netfilter-persistent save
sudo netfilter-persistent reload
```

If you are using CentOS, use the command below. On CentOS 7 and later the default firewall is firewalld; this command requires the `iptables-services` package to be installed and the `iptables` service to be enabled in place of firewalld.

```bash
sudo service iptables save
```

## Step 6 : Restore Iptables Backup

If there is a problem with your iptables configuration, you can revert the changes by restoring the file backed up in Step 2. `iptables-restore` replaces the entire running rule set with the contents of the file (add `-n`/`--noflush` to load the file's rules without flushing the existing ones).

```bash
sudo iptables-restore < IPtablesbackup.txt
```

Remember to save again (Step 5) if the restored rules should survive a reboot.

## Conclusion

Following the steps above will have helped you open and close ports on your Linux system. Implementing a proper iptables firewall should always be a high priority for your setup: it lets system administrators secure the system by exposing only the required ports publicly and restricting the rest to particular IP addresses.

---
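The procedure from Steps 2 to 6 collected into one idempotent POSIX shell script, added here as an example and not part of the original article. It assumes it runs as root with iptables 1.4.11 or newer (the version that introduced `-C`) in PATH; the `IPT`, `IPT_SAVE` and `IPT_RESTORE` variables, the function names and the `ports.sh` file name are this example's own choices. Each operation checks with `-C` whether the rule already exists before adding or deleting it, so re-running the script never creates duplicate rules, and closing a port is done by deleting the ACCEPT rule rather than by appending a DROP that would never be reached.

```sh
#!/bin/sh
# Added example (not from the original article): idempotent wrappers around
# the iptables commands used in Steps 2 to 6. Assumes root and iptables >= 1.4.11
# (for -C) in PATH. IPT, IPT_SAVE and IPT_RESTORE can be overridden, for
# example to point at a stub when exercising the script without root.

IPT=${IPT:-iptables}
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# Build the rule specification shared by -C / -I / -A / -D so that the check,
# add and delete always refer to exactly the same rule.
#   input_rule PORT [SOURCE]  -> "INPUT [-s SOURCE] -p tcp --dport PORT -j ACCEPT"
#   output_rule PORT [DEST]   -> "OUTPUT [-d DEST] -p tcp --dport PORT -j DROP"
input_rule() {
    if [ -n "${2:-}" ]; then
        echo "INPUT -s $2 -p tcp --dport $1 -j ACCEPT"
    else
        echo "INPUT -p tcp --dport $1 -j ACCEPT"
    fi
}
output_rule() {
    if [ -n "${2:-}" ]; then
        echo "OUTPUT -d $2 -p tcp --dport $1 -j DROP"
    else
        echo "OUTPUT -p tcp --dport $1 -j DROP"
    fi
}

# has_rule RULESPEC: returns 0 if the rule already exists (-C), 1 otherwise.
# Word splitting of $1 is intentional: the spec is a list of arguments.
has_rule() {
    # shellcheck disable=SC2086
    "$IPT" -C $1 2>/dev/null
}

# allow_port PORT [SOURCE]: open PORT, optionally to one source IP/CIDR only.
# Uses -I (insert at the top) rather than -A so the ACCEPT is evaluated before
# any trailing REJECT/DROP rule in INPUT; re-running is a no-op.
allow_port() {
    spec=$(input_rule "$1" "${2:-}")
    if has_rule "$spec"; then
        echo "present: $spec"
    else
        # shellcheck disable=SC2086
        "$IPT" -I $spec && echo "added:   $spec"
    fi
}

# revoke_port PORT [SOURCE]: close PORT by deleting the ACCEPT rule (-D).
# Appending a DROP would not work: the existing ACCEPT would still match first.
revoke_port() {
    spec=$(input_rule "$1" "${2:-}")
    if has_rule "$spec"; then
        # shellcheck disable=SC2086
        "$IPT" -D $spec && echo "deleted: $spec"
    else
        echo "absent:  $spec"
    fi
}

# block_outbound PORT [DEST]: drop outbound TCP to PORT, optionally to one IP.
# OUTPUT has policy ACCEPT, so appending (-A) is sufficient here.
block_outbound() {
    spec=$(output_rule "$1" "${2:-}")
    # shellcheck disable=SC2086
    has_rule "$spec" || "$IPT" -A $spec
}

# backup_rules FILE / restore_rules FILE: Steps 2 and 6. restore replaces the
# whole running rule set, so FILE must be a complete iptables-save dump.
backup_rules()  { "$IPT_SAVE" > "$1"; }
restore_rules() { "$IPT_RESTORE" < "$1"; }

# Command-line entry point, for example:  ./ports.sh allow 8080 203.0.113.5
if [ $# -gt 0 ]; then
    case $1 in
        allow)   allow_port "$2" "${3:-}" ;;
        revoke)  revoke_port "$2" "${3:-}" ;;
        block)   block_outbound "$2" "${3:-}" ;;
        backup)  backup_rules "$2" ;;
        restore) restore_rules "$2" ;;
        *) echo "usage: $0 allow|revoke|block PORT [IP]  |  backup|restore FILE" >&2 ;;
    esac
fi
```

After a change, `backup_rules` / `restore_rules` cover the rollback path from Step 6, but the saved file only reflects the running rules; the Step 5 save command is still needed for the result to survive a reboot.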