One of the components that play a vital role in an operating system , in this case we talk about Linux, are the ports. These allow network packets and all communication to interact based on the rules that have been established..
Remember that a port essentially allows the system to be accessed or not locally or externally, for example, many applications use a specific port to access it with the syntax
http: // IP_address: port
So this port must be authorized in the Linux firewall.
In CentOS 8 it is very important to know how to manage ports to control network access and communications, which are based on associated ports and protocols.
What is a port
A port is constituted as a 16-bit number (0 to 65535) in order to identify an application or process in CentOS 8, or any operating system, and these are classified as:
- 0-1023: ports assigned as traditional ports.
- 1024 - 49151: They are registered system ports.
- 49152 - 65535: These are dynamic ports that are available for use.
To understand and see more this we can execute the following in CentOS 8:
cat / etc / services
There we find specific details such as:
- Port number and protocol used
Terms
Let's understand a little more these terms which TechnoWikis will tell you what they are and how they act:
- TCP (Transmission Control Protocol), is a protocol commonly known for tasks on the Internet since it sends packets back in order to confirm that what has been sent has been received, this guarantees the integrity of the signal.
- UDP (User Datagram Protocol), is a protocol similar to TCP, but this protocol ignores the verification of errors.
- Socket: The socket allows communication of different processes either on the local computer or on different computers
With this in mind we will learn to manage the ports in CentOS 8..
Know the current Firewall rules in CentOS 8
In the case of CentOS 8, the function that manages the Firewall rules is a firewall from where we can establish new zones and thus allow access or not of the services in the system, to know the current rules we execute the following:
iptables –L
There are different commands that will help us understand what ports are in the system, whether open or not, and TechnoWikis will explain each of them.
1. How to use netstat command in CentOS 8
Netstat (network statistics) is a command focused on network aspects such as interface statistics, routing tables and other parameters.
To know the ports we execute the following:
netstat -atu
The parameters used are:
Additional we can execute the following:
netstat -ltnp
The parameters used are:
Display addresses numerically
Display process identification and / or program name
We can run netstat -lunp to list the UDP protocols..
2. How to use the lsof command in CentOS 8
Step 1
The lsof (List of Open Files) command is a command that allows you to list all open files in CentOS 8, but it is useful to list the desired ports, for example, if we want to see all the processes of port 80 we execute the following:
lsof -i: 80
Step 2
There we find details such as service, PID, process, device, port status, etc. The lsof command gives us the opportunity to view all ports in listening status by executing the following:
lsof -n -P | grep LISTEN
Step 3
With lsof we can list only by type of protocol like this:
lsof -i tcp lsof -i udp
3. How to use the nmap command in CentOS 8
Nmap (Network Mapped) is a command that allows you to manage everything related to the network and for this case it is useful to visualize the ports and their status in CentOS 8, first, we must install it with the following command:
yum install nmap
Then we can execute the following:
nmap -sT -O localhost (For TCP protocol) nmap -sU -O localhost (For UDP protocol)
4. How to use the ss command in CentOS 8
SS is a command that allows us to manage CentOS 8 sockets, to list the ports with TCP and UDP protocols we will execute the following:
ss -lntu
5. How to open ports in CentOS 8
As mentioned, there is a need to open one or more ports to allow applications or connections to be authorized to access, in CentOS 8 we must use the following syntax to open a port:
firewall-cmd --zone = (zone) --add-port = (port #) / (protocol) –permanent
Step 1
For example, if the objective is to open port 200 and the type of protocol to be used, we must enter the following:
firewall-cmd --zone = public --add-port = 200 / tcp –permanent
To take into account, the –permanent parameter will make the port permanent, which activates the port when the session is started and the system will create the rule preventing us from registering it every time access is attempted.
Step 2
After this we apply the changes in the firewall by executing:
firewall-cmd –reload
6. How to open a service-based port in CentOS 8
Step 1
We have previously enabled a port based on its number, but it is possible to open a port based on its service (mysql, apache, https, etc.), for this we will use the following syntax:
firewall-cmd --permanent --zone = public --add-service = http (enable http service) firewall-cmd --permanent --zone = public --add-service = ftp (enable ftp service)
Step 2
After this we check the ports that we have opened by running:
firewall-cmd --list-all
There we found both services and ports in CentOS 8.
7. How to close a port in CentOS 8
Step 1
However, if for some reason we must close a port in CentOS 8 for security or management reasons, the first thing to do is to validate which ports we have open and CentOS 8, for this we will use the nmap command:
nmap localhost
Step 2
We validate the status of the Firewall:
iptables -L -n -v
Step 3
Now we close the port by running:
fuser -k port
For example:
fuser -k 22 / tcp
Step 4
Finally, if the plan is to block traffic on a specific port we will use the following syntax:
sudo ufw deny port / service
For example:
sudo ufw deny 200 / udp
Step 5
Traditional ports in Linux
Some of the most used ports in Linux which are authorized by IANA (Internet Assigned Numbers Authority) are:
- 1: TCP / tcpmux: TCP port service multiplexer.
- 5: TCP / rje: Remote work input.
- 7: Echo echo TCP service.
- 9: Null TCP discard service for connection tests.
- 11: TCP systat system status service to list the connected ports.
- 21: TCP FTP File Transfer Protocol (FTP) port.
- 22: TCP ssh Secure Shell (SSH) service.
- 25: TCP smtp Simple mail transfer protocol (SMTP).
To know in detail all the IANA ports you can go to the following official link:
Linux ports
You have learned to know, open and close ports in CentOS 8 in a dynamic and fully functional way with TechnoWikis.
