How to open CDP ports in iptables on Linux
iptables is the user-space utility for configuring the tables, chains and rules of the Linux kernel's netfilter firewall. It comes pre-installed on most Linux distributions (newer releases increasingly ship nftables, usually with an iptables-compatible front end). A properly configured host firewall is an important part of your server's overall security.
In this article we cover the steps to open a port in the iptables firewall on Ubuntu and CentOS.
Prerequisite: sudo access to an Ubuntu or CentOS server with iptables installed.
Step 1 : List the current iptables rules
Connect to the server with an account that has sudo access and list the rules currently configured in iptables with the command below (add -n to print addresses and ports as numbers instead of resolving them to names):
sudo iptables -L
The output lists every rule currently configured, grouped by chain:
root@e2e:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:zabbix-agent

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@e2e:~#
Step 2 : Back up the iptables rules
Before adding rules, take a backup of the current rule set so that it can be restored if a change to the configuration breaks connectivity.
Use the command below to save the current rules to a file. iptables-save needs root, and it dumps only the IPv4 tables; if you also manage IPv6 rules, save them with ip6tables-save as well.
sudo iptables-save > IPtablesbackup.txt
Step 3 : Add or remove an iptables rule
Once you know which rules are already configured, you can open a port in iptables by appending a rule with the command below.
sudo iptables -A INPUT -p tcp --dport xxxx -j ACCEPT
Replace xxxx with the number of the port you wish to open.
For example, to open the CDP agent port, TCP 1167, run:
sudo iptables -A INPUT -p tcp --dport 1167 -j ACCEPT
This tells iptables to accept TCP connections to the CDP port from any source address, i.e. the port is opened publicly. Note that -A appends the rule to the end of the INPUT chain. That works here because the chain has no explicit final DROP or REJECT rule and relies on its DROP policy; if your chain does end with such a rule, use -I instead of -A so the new rule is inserted above it, otherwise it is never reached.
You can verify the result with iptables -L as in Step 1:
root@:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:zabbix-agent
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1167

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@:~#
If you wish to remove the rule you just added, delete it with the command below. The match specification given to -D must be identical to the one used when the rule was added, otherwise iptables reports that no such rule exists.
sudo iptables -D INPUT -p tcp --dport 1167 -j ACCEPT
If you do not wish to open the port publicly, you can open it for a single source IP address instead. For a backup agent port this is the preferable option: only the CDP backup server needs to reach it, and exposing it to the whole Internet only widens the attack surface.
Use the command below to open the port for a single IP:
sudo iptables -A INPUT -p tcp -s cdp_server_ip --dport 1167 -j ACCEPT
Replace cdp_server_ip with the address of your CDP server (for example 172.16.107.245).
Step 4 : Save the iptables rules
Rules added with the iptables command exist only in kernel memory and are lost on reboot, so once you have added them, save them to make them permanent. On Ubuntu this is done with iptables-persistent (netfilter-persistent on newer releases); on CentOS with the iptables service's save action.
On Ubuntu 14.04 use the following commands to save and reload the iptables rules:
sudo /etc/init.d/iptables-persistent save
sudo /etc/init.d/iptables-persistent reload
On Ubuntu 16.04 and Ubuntu 18.04 use the following commands:
sudo netfilter-persistent save
sudo netfilter-persistent reload
On CentOS use the command below. On CentOS 7 this requires the iptables-services package, because the default firewall there is firewalld.
sudo service iptables save
Step 5 : Restore the iptables backup
If a change to the rules causes problems, revert to the file saved in Step 2 with the command below. This replaces the whole live rule set with the contents of the backup, so any rules added since the backup was taken are discarded.
sudo iptables-restore < IPtablesbackup.txt
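The script below is an added example for this article, not code from the original page or from any CDP product. It ties Steps 2 to 5 together the way a practitioner would actually run them: it backs up the rule set first, validates the port and source address before they are spliced into an iptables command line, inserts the rule with -I so it lands above any explicit final DROP/REJECT rule, uses -C so that running it twice does not duplicate the rule, restricts the port to the backup server, and keeps a matching delete for undo. The default port 1167, the backup directory /root/iptables-backups and the function names are assumptions; the backup server's address is passed on the command line.

```shell
#!/bin/sh
# open_cdp_port.sh: open the CDP agent port (TCP 1167 by default) in iptables for
# one backup server only, with a backup first, an idempotent insert and a matching undo.
# Added example for this article; not code from the original page or from any CDP product.
# Assumptions (hypothetical): the agent listens on TCP 1167, the backup server's
# address or CIDR range is passed as $1, and the script is run as root.
set -eu

IPTABLES=${IPTABLES:-iptables}                    # command used for every rule operation
BACKUP_DIR=${BACKUP_DIR:-/root/iptables-backups}  # where backup_rules writes its dumps

# is_valid_port PORT: succeed only for an integer in 1..65535
is_valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_valid_ipv4 ADDR[/PREFIX]: four octets in 0..255 and an optional prefix in 0..32.
# Rejecting anything else matters because the value is spliced into an iptables
# command line below; "1.2.3.4 -j ACCEPT" must not get through.
is_valid_ipv4() {
  addr=${1%%/*}
  case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
  case $addr in ''|*[!0-9.]*) return 1 ;; esac
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
  done
}

# rule_spec SRC PORT: the match and target part of the rule, printed once and reused
# for insert, check and delete so that -C and -D always match exactly what -I added.
# "--ctstate NEW" mirrors the "state NEW" on the existing ssh/http/https rules.
rule_spec() {
  printf '%s' "-p tcp -s $1 --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

# backup_rules: dump the current IPv4 rule set to a timestamped file and print its path
backup_rules() {
  mkdir -p "$BACKUP_DIR"
  file="$BACKUP_DIR/iptables-$(date +%Y%m%d-%H%M%S).rules"
  "${IPTABLES}-save" > "$file"
  printf '%s\n' "$file"
}

# open_cdp_port SRC [PORT]: insert (-I) at the top of INPUT instead of appending (-A),
# so the rule lands above any explicit final DROP/REJECT rule, and skip the insert
# when -C reports the rule is already there. Returns 2 on invalid input.
open_cdp_port() {
  src=$1; port=${2:-1167}
  is_valid_ipv4 "$src" || { echo "invalid source address: $src" >&2; return 2; }
  is_valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
  spec=$(rule_spec "$src" "$port")
  # $spec is deliberately left unquoted so it expands to separate arguments
  if "$IPTABLES" -C INPUT $spec 2>/dev/null; then
    echo "already present: $spec"
  else
    "$IPTABLES" -I INPUT $spec
    echo "inserted: $spec"
  fi
}

# close_cdp_port SRC [PORT]: delete exactly the rule open_cdp_port added
close_cdp_port() {
  spec=$(rule_spec "$1" "${2:-1167}")
  "$IPTABLES" -D INPUT $spec
}

main() {
  [ $# -ge 1 ] || { echo "usage: $0 BACKUP_SERVER_IP[/PREFIX] [PORT]" >&2; return 2; }
  backup=$(backup_rules)
  echo "saved current rules to $backup (undo with: ${IPTABLES}-restore < $backup)"
  open_cdp_port "$1" "${2:-1167}"
  "$IPTABLES" -S INPUT      # show the resulting chain in reloadable form
}

# Run main only when arguments are given, so the file can also be sourced for its functions.
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as root with the backup server's address, for example sh open_cdp_port.sh 172.16.107.245, and then persist the result as in Step 4. The validation functions are what make the word-splitting of the rule into arguments safe; without them a value taken from a variable or a ticket could silently append extra matches or a different target.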
How to open CDP ports with UFW on Ubuntu/Debian
UFW, the Uncomplicated Firewall, is a front end for managing iptables rules that simplifies firewall configuration. It is available on Ubuntu, Debian and Arch Linux.
Prerequisite: sudo access to an Ubuntu or Debian server with UFW installed.
UFW is part of the standard Ubuntu installation; on Debian it is available as the ufw package. You can check the state of the ufw service with the command below:
# systemctl status ufw
UFW is disabled by default. You can check whether the firewall is active, and which rules it holds, with the following commands:
# ufw status
# ufw status verbose
If UFW is enabled on the server, the CDP agent port has to be allowed in UFW as well.
Rules can be added in two ways: by port number, or by service name as listed in /etc/services. When specifying a port you can also restrict the rule to a protocol (TCP or UDP).
For example, to allow incoming connections on port 1167 for CDP backup, run one of the following. The first form opens the port for both TCP and UDP; the second opens TCP only, which is all the agent needs and is therefore the better choice. UFW rules apply to incoming traffic unless a direction is given; outgoing traffic is allowed by default. Like iptables, UFW can also limit a rule to a single source address (see the from/to syntax of ufw allow in the ufw manual), which is the preferred way to expose a backup agent port.
# ufw allow 1167
# ufw allow 1167/tcp
You can check the status of UFW at any time with sudo ufw status. This lists all rules and shows whether UFW is active:
# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
1167                       ALLOW       Anywhere
10050                      ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
1167 (v6)                  ALLOW       Anywhere (v6)
10050 (v6)                 ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
Following the steps above should have helped you open or close ports on your Linux system. Implementing a proper firewall with iptables or UFW should always be a high priority for your setup: it lets you expose only the ports that are required, and restrict even those to the specific IP addresses that need them.
Open CDP ports on Windows Firewall
Windows Firewall is the host firewall built into Microsoft Windows. It filters inbound and outbound traffic between your system and the network and blocks programs that have not been allowed; a program or port must be added to the list of allowed items before other hosts can connect to it through the firewall. When the public network profile is active, Windows Firewall also blocks all unsolicited attempts to connect to your computer.
This section explains how to open a port in Windows Firewall for TCP access.
Steps to open a port
Step 1 : Open the Start menu, click Run, type WF.msc and press Enter.
Step 2 : In the Windows Firewall with Advanced Security console, right-click Inbound Rules in the left pane and click New Rule in the Actions pane.
Step 3 : In the Rule Type dialog box, select Port and click Next.
Step 4 : In the Protocol and Ports dialog box, select TCP, select Specific local ports, type the port number and click Next. (1167 is used here only as an example; enter the port you are opening.)
Step 5 : In the Action dialog box, select Allow the connection and click Next.
Step 6 : In the Name dialog box, type a name and description for the rule and click Finish. As with the iptables and UFW rules above, avoid exposing the port to every network: open the new rule's Properties and, on the Scope tab, limit Remote IP address to the address of your CDP server.