How to open CDP Ports on Iptables in a Linux

Introductions

Iptables is a user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores. Iptables almost always comes pre-installed on any Linux distribution.Having a properly configured firewall is very important for the overall security on your server.

In this article,We will share you the steps to open the ports in Iptables firewall in Ubuntu and Centos distribution

Prerequisite

Sudo access to Ubuntu or Centos server with Iptable installed in it.

Step 1 : List the current Iptables rules

Connect to your server with Sudo access and to list the current rules that are configured for iptables,Use below command

sudo iptables -L

We can see output as below,Which will display all the rules that are configured currently

root@e2e:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:zabbix-agent
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@e2e:~#

Step 2 : Backup the Iptables

Before proceeding with adding rules in Iptable,We need to take a backup of Iptable rules, Incase if any issue with configuration of Iptables we can restore the rules from backup

Use below commands to save an Iptable rule

iptables-save > IPtablesbackup.txt

Step 3 : Add/Remove an Iptable rule

Once we are aware of the rules that are currently configured,We can open a port in IPtables by adding a rule using below command.

sudo iptables -A INPUT -p tcp --dport xxxx -j ACCEPT

Note

Replace xxxx with required port number you wish to open

For example to open a CDP port 1167,We need to run below command.

sudo iptables -A INPUT -p tcp --dport 1167 -j ACCEPT

This basically tells the Iptable to accept connection to CDP Port publicly.

You can view the same with iptables -L as mentioned on Step-1

root@:~# iptables -L
 Chain INPUT (policy DROP)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
 ACCEPT     all  --  anywhere             anywhere
 ACCEPT     all  --  anywhere             anywhere
 ACCEPT     icmp --  anywhere             anywhere
 ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
 ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
 ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
 ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:1167
 ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:zabbix-agent
 Chain FORWARD (policy DROP)
 target     prot opt source               destination
 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination
 root@:~#

If you wish to remove the rule that was recently added,You can use below command4

sudo iptables -D INPUT -p tcp --dport xxxx -j ACCEPT

If you do not wish to open port publicily,You can open port for a Single IP.

Use below command to open port only for Single IP

sudo iptables -A INPUT -p tcp -s your_server_ip --dport xxxx -j ACCEPT

Note

Kindly Replace your_server_ip to the required IP in above command and Replace xxxx with the required port

Step 4 : Save the Iptable Rule

Once we have added the rules,We need to save the rules and make them permanent.If you are using Ubuntu You can use iptables-persistent and for Centos you use iptables save command

On Ubuntu 14.04 use the following commands to save/reload the iptables rules

sudo /etc/init.d/iptables-persistent save

sudo /etc/init.d/iptables-persistent reload

On Ubuntu 16.04 and Ubuntu 18.04 use the following commands

sudo netfilter-persistent save

sudo netfilter-persistent reload

If you are using Centos Use Below command

sudo service iptables save

Step 5 : Restore Iptables Backup

If there is any issue with your Iptables configuration rule,You can revert back the changes with below command and restore the file which was backed up in step2

iptables-restore < IPtablesbackup.txt

Conclusion

Following the above article will have helped you open/close the ports in your Linux system,Implementing a proper firewall iptables should always be considered high priority for your setup as it allows system-administrators to secure your system and allowing only the required ports publicly or restricting them to particular IP

Open CDP ports on Windows Firewall

Introduction:

Windows Firewall is an application of Microsoft windows that filters incoming/outgoing information of your system from the Internet and blocking potentially harmful programs.Users need to add a program to the list of allowed programs to allow it to communicate through the firewall. When using a public network, Windows Firewall can also secure the system by blocking all unsolicited attempts to connect to your computer.

In this article,We will explain you how to open a port in the Windows firewall for TCP access

Steps to open a port

Step 1 : On Start menu, click Run, type WF.msc, and then press Enter.

../../_images/win12.png

Step 2 : In Windows Firewall with Advanced Security Panel, in the left Pane, right-click Inbound Rules, and then click New Rule in the action panel.

../../_images/win32.png

Step 3 : You will get a Rule Type dialog box, select Port, and then click Next.

../../_images/win42.png

Step 4 : On Protocol and Ports dialog box, select TCP. Select Specific local ports, and then type the port number. Click Next. (Note: On below image 1167 is shown just for an example,You need to specify the port which you are opening)

../../_images/wncdpport1.png

Step 5 : In the Action dialog box, select Allow the connection, and then click Next.

../../_images/win611.png

Step 6 : In the Name dialog box, type a name and description for this rule, and then click Finish.

../../_images/wncdpport2.png