A host firewall controls the incoming and outgoing network traffic of a Linux system. To restrict access and secure the system, you can allow or block specific IP addresses and ports with any of several firewall front ends. Here is a compilation of the commands for Firewalld, IPtables and UFW:
Firewalld
Firewalld is a firewall management tool for Linux whose configuration is stored in XML files. The firewall-cmd command-line interface is used to add, change and remove rules.
1. Allow incoming traffic to port 80 with the command below (runtime only: the rule is lost on reload or reboot).
# sudo firewall-cmd --zone=public --add-port=80/tcp
2. Allow incoming port 80 in the permanent configuration (it takes effect after the next reload).
# sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
3. Deny outgoing port number 25.
The commands below block all outbound connections to port 25 except those to the local host (127.0.0.1). Direct rules are evaluated in priority order, so the ACCEPT rule at priority 0 is checked before the REJECT rule at priority 1; the reload applies the permanent rules.
# firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp -d 127.0.0.1 --dport=25 -j ACCEPT
# firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=25 -j REJECT
# firewall-cmd --reload
4. Deny incoming port number 80.
The command below removes the port 80 allow rule from the permanent configuration, so incoming traffic to port 80 is no longer accepted by the zone once the configuration is reloaded.
# sudo firewall-cmd --remove-port=80/tcp --permanent
5. Run the command below to block an IP address in Firewalld.
Replace 192.168.2.152 with the IP address you want to block.
# sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.2.152' reject"
6. Open a port for a specific IP address in Firewalld: add the source IP address and the port (3306) you want to open to a zone (here a custom zone named mariadb-access, which must already exist) on your Linux server. After that, reload the Firewalld settings to apply the changes.
# firewall-cmd --zone=mariadb-access --add-source=192.168.2.152 --permanent
# firewall-cmd --zone=mariadb-access --add-port=3306/tcp --permanent
# firewall-cmd --reload
IPtables
IPtables uses a set of tables, each made up of chains that hold built-in or user-defined rules. A packet is handled by the first rule in the chain that matches it, so the order of the rules matters. Using these rules, we can filter network traffic on Linux machines.
1. Run the below-given command to allow all incoming HTTP (port 80) connections.
# sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# sudo iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
The second command allows the outgoing traffic of established HTTP connections; it is required if the outbound policy is not set to ACCEPT.
2. Run the command given below to allow multiple incoming ports.
The command below accepts incoming TCP traffic to ports 22, 53 and 80 in a single rule.
# /sbin/iptables -A INPUT -p tcp --match multiport --dports 22,53,80 -j ACCEPT
3. Deny incoming port 80 using IPtables.
The command below drops all incoming connections to port 80. Because IPtables uses the first matching rule, this rule only takes effect if no earlier ACCEPT rule for port 80 (such as the one from step 1) precedes it in the INPUT chain; otherwise delete that rule first or insert this one ahead of it with -I. The second command saves the rules so they survive a reboot on systems that use the iptables service.
# /sbin/iptables -A INPUT -p tcp --dport 80 -j DROP
# /sbin/service iptables save
4. Block an IP Address in IPtables.
Replace 192.168.2.152 with the IP address you want to block.
# sudo iptables -A INPUT -s 192.168.2.152 -j DROP
5. Open a port for a specific IP address in IPtables.
Allow incoming SSH (port 22) from a specific IP address or from a subnet given in CIDR notation; the second rule lets the replies of established SSH connections leave the host.
# sudo iptables -A INPUT -p tcp -s 192.168.2.152 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
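Because IPtables evaluates a chain from the top and stops at the first match, a DROP appended with -A after an earlier ACCEPT for the same port (steps 1 and 3 above) never fires. The script below is an added example, not part of the original page: it reads the output of iptables -S for a chain (a constructed sample is embedded, not captured from a real host) and reports such shadowed block rules.

```shell
# Added example: find DROP/REJECT rules that an earlier ACCEPT in the same chain
# already matches on the destination port, so the block rule can never fire.
# Input is "iptables -S <chain>" output; reported rule numbers match
# "iptables -L <chain> --line-numbers". Constructed sample, not from a real host:
SAMPLE='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,53,80 -j ACCEPT
-A INPUT -s 192.168.2.152/32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j DROP'
# Read rules on stdin; print one SHADOWED line per (block rule, earlier ACCEPT) pair.
find_shadowed() {
    awk '
    # ports(line): the --dport value or the --dports list as a space-separated string
    function ports(line,    i, n, f) {
        n = split(line, f, " ")
        for (i = 1; i < n; i++)
            if (f[i] == "--dport" || f[i] == "--dports") {
                gsub(",", " ", f[i + 1]); return f[i + 1]
            }
        return ""
    }
    # target(line): the jump target, i.e. the word after -j
    function target(line,    i, n, f) {
        n = split(line, f, " ")
        for (i = 1; i < n; i++) if (f[i] == "-j") return f[i + 1]
        return ""
    }
    /^-A / { rule[++nr] = $0 }          # keep append rules only, in chain order
    END {
        for (n = 1; n <= nr; n++) {
            t = target(rule[n])
            if (t != "DROP" && t != "REJECT") continue
            np = split(ports(rule[n]), p, " ")
            for (i = 1; i <= np; i++)
                for (m = 1; m < n; m++) {
                    if (target(rule[m]) != "ACCEPT") continue
                    mq = split(ports(rule[m]), q, " ")
                    for (j = 1; j <= mq; j++)
                        if (p[i] == q[j])
                            printf "SHADOWED: rule %d (dport %s) never matches; ACCEPT rule %d comes first\n", n, p[i], m
                }
        }
    }'
}
# Number of shadowed pairs found (0 means the block rules are reachable).
count_shadowed() { find_shadowed | awk 'END { print NR }'; }
printf '%s\n' "$SAMPLE" | find_shadowed
```

On a live host, pipe `iptables -S INPUT` into find_shadowed; a reported rule should be moved ahead of the ACCEPT with -I, or the ACCEPT deleted.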
UFW – Uncomplicated Firewall
Uncomplicated Firewall (UFW) is a front end that is well suited to host-based firewalls; it supports both IPv4 and IPv6.
1. Allow incoming port 80.
The command below allows all incoming traffic to port 80 (both TCP and UDP, since no protocol is given).
# sudo ufw allow 80
2. Allow multiple incoming ports.
The command below allows incoming TCP traffic to ports 53, 80 and 443. UFW requires a protocol when several ports are listed in one rule; add a second rule with /udp for UDP services such as DNS.
# sudo ufw allow 53,80,443/tcp
3. Deny incoming port 80.
The command below denies all incoming traffic to port 80.
# sudo ufw deny 80
4. Deny outgoing port 25.
The command below denies all outgoing traffic to port 25.
# sudo ufw deny out 25
5. Block an IP Address in UFW.
You can block all incoming traffic from a given IP address on your machine; replace 192.168.2.152 with the address you want to block.
# sudo ufw deny from 192.168.2.152
6. Open a port for a specific IP address in UFW.
The command below opens port 80 for the given IP address only; replace 192.168.2.152 with the address you want to allow.
# sudo ufw allow from 192.168.2.152 to any port 80
That's all.