How to open CDP Ports on Iptables in a Linux
Introductions
Iptables is a user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores. Iptables almost always comes pre-installed on any Linux distribution.Having a properly configured firewall is very important for the overall security on your server.
In this article,We will share you the steps to open the ports in Iptables firewall in Ubuntu and Centos distribution
Prerequisite
Sudo access to Ubuntu or Centos server with Iptable installed in it.
Step 1 : List the current Iptables rules
Connect to your server with Sudo access and to list the current rules that are configured for iptables,Use below command
sudo iptables -L
We can see output as below,Which will display all the rules that are configured currently
root@e2e:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:zabbix-agent
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@e2e:~#
Step 2 : Backup the Iptables
Before proceeding with adding rules in Iptable,We need to take a backup of Iptable rules, Incase if any issue with configuration of Iptables we can restore the rules from backup
Use below commands to save an Iptable rule
iptables-save > IPtablesbackup.txt
Step 3 : Add/Remove an Iptable rule
Once we are aware of the rules that are currently configured,We can open a port in IPtables by adding a rule using below command.
sudo iptables -A INPUT -p tcp --dport xxxx -j ACCEPT
Note
Replace xxxx with required port (1167) number you wish to open
For example to open a CDP port 1167,We need to run below command.
sudo iptables -A INPUT -p tcp --dport 1167 -j ACCEPT
This basically tells the Iptable to accept connection to CDP Port publicly.
You can view the same with iptables -L as mentioned on Step-1
root@:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1167
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:zabbix-agent
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@:~#
If you wish to remove the rule that was recently added,You can use below command4
sudo iptables -D INPUT -p tcp --dport 1167 -j ACCEPT
If you do not wish to open port publicily,You can open port for a Single IP.
Use below command to open port only for Single IP
sudo iptables -A INPUT -p tcp -s cdp_server_ip --dport 1167 -j ACCEPT
Note
Kindly Replace cdp_server_ip to the required IP (172.16.107.245) in above command
Step 4 : Save the Iptable Rule
Once we have added the rules,We need to save the rules and make them permanent.If you are using Ubuntu You can use iptables-persistent and for Centos you use iptables save command
On Ubuntu 14.04 use the following commands to save/reload the iptables rules
sudo /etc/init.d/iptables-persistent save
sudo /etc/init.d/iptables-persistent reload
On Ubuntu 16.04 and Ubuntu 18.04 use the following commands
sudo netfilter-persistent save
sudo netfilter-persistent reload
If you are using Centos Use Below command
sudo service iptables save
Step 5 : Restore Iptables Backup
If there is any issue with your Iptables configuration rule,You can revert back the changes with below command and restore the file which was backed up in step2
iptables-restore < IPtablesbackup.txt
How to open CDP Ports with UFW on Ubuntu/Debian
UFW, or Uncomplicated Firewall, is an interface to iptables or frontend iptables manager that is geared towards simplifying the process of configuring a firewall or UFW, or uncomplicated firewall, is a frontend for managing firewall rules in Arch Linux, Debian, or Ubuntu.
Sudo access to Ubuntu or Debian server with Iptable installed in it.
UFW is part of the standard Ubuntu/Debian installation and should be present on your system. You can check ufw service running status through below mentioned commands
# systemctl status ufw
UFW is disabled by default. You can check the status of the UFW service with the following command:
# ufw status
or
# ufw status verbose
Note
If UFW firewall is enabled on your Server node then you have to allow cdp-agent port in UFW also.
Rules can be added in two ways: By denoting the port number or by using the service name. You can open the port by specifying the port and protocol (TCP/UDP) in UFW Firewall.
For example, to allow both incoming and outgoing connections on port 1167 for CDP Backup, you can run
# ufw allow 1167
or
# ufw allow 1167/tcp
You can check the status of UFW at any time with the command: sudo ufw status. This will show a list of all rules, and whether or not UFW is active:
# ufw status
Status: active
To Action From
-- ------ ----
22 ALLOW Anywhere
1167 ALLOW Anywhere
10050 ALLOW Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
1167 (v6) ALLOW Anywhere (v6)
10050 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
Conclusion
Following the above article will have helped you open/close the ports in your Linux system,Implementing a proper firewall iptables should always be considered high priority for your setup as it allows system-administrators to secure your system and allowing only the required ports publicly or restricting them to particular IP
Open CDP ports on Windows Firewall
Introduction:
Windows Firewall is an application of Microsoft windows that filters incoming/outgoing information of your system from the Internet and blocking potentially harmful programs.Users need to add a program to the list of allowed programs to allow it to communicate through the firewall. When using a public network, Windows Firewall can also secure the system by blocking all unsolicited attempts to connect to your computer.
In this article,We will explain you how to open a port in the Windows firewall for TCP access
Steps to open a port
Step 1 : On Start menu, click Run, type WF.msc, and then press Enter.
Step 2 : In Windows Firewall with Advanced Security Panel, in the left Pane, right-click Inbound Rules, and then click New Rule in the action panel.
Step 3 : You will get a Rule Type dialog box, select Port, and then click Next.
Step 4 : On Protocol and Ports dialog box, select TCP. Select Specific local ports, and then type the port number. Click Next. (Note: On below image 1167 is shown just for an example,You need to specify the port which you are opening)
Step 5 : In the Action dialog box, select Allow the connection, and then click Next.
Step 6 : In the Name dialog box, type a name and description for this rule, and then click Finish.
