Redhat / CentOS / Fedora Linux Open TCP/UDP Ports

I have a Red Hat Enterprise Linux 5 server with the iptables firewall enabled. I have started all services but don’t know how to open a port using iptables. By default it only allows ssh, TCP port # 22. How do I open port 80 / 143 / 110 on Linux?

By default, the iptables firewall stores its configuration in the /etc/sysconfig/iptables file on RHEL/CentOS 5.x/6.x. You need to edit this file and add rules to open a port. This file is only available under:


  1. Red Hat Enterprise Linux 3 / 4 / 5 and 6
  2. Older Red Hat Linux versions
  3. CentOS 4/5/6
  4. Older versions of Fedora Linux

Let us see how to open a port in the firewall on CentOS or RHEL version 5.x/6.x and 7.x including the latest version of Fedora Linux 27 or above.

How to open TCP port 80 on a RHEL/CentOS Linux

Open the file /etc/sysconfig/iptables:
# vi /etc/sysconfig/iptables
Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Save and close the file. Restart iptables:
# /etc/init.d/iptables restart

Open TCP port # 110 on a RHEL

Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT

Open port 143 on a CentOS

Append rule as follows:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT

Restart iptables service

Type the following command:
# service iptables restart
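
iptables evaluates the rules in a chain from top to bottom and the first match wins, so a new ACCEPT line only takes effect if it sits before the chain's catch-all REJECT/DROP/LOG line. The following script is an added example (not part of the original article; the function names and the sample rules are constructed here) that places the rule there and checks that it is reachable:

```bash
#!/bin/bash
# Added example, not from the original article.
# Constructed sample in iptables-save format (RHEL 5 style chain name).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_accept_rule FILE CHAIN PORT: print FILE with the ACCEPT rule placed
# just before CHAIN's catch-all REJECT/DROP/LOG (or before COMMIT if none).
add_accept_rule() {
    awk -v chain="$2" -v port="$3" '
    BEGIN {
        rule = "-A " chain " -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
        stop = "^-A " chain " -j (REJECT|DROP|LOG)"   # a rule with no match criteria
    }
    /^\*/ { table = $0 }                               # track the current table
    $0 == rule { done = 1 }                            # already present: no duplicate
    table == "*filter" && !done && ($0 ~ stop || $0 == "COMMIT") { print rule; done = 1 }
    { print }' "$1"
}

# accept_reachable FILE CHAIN PORT: exit 0 only if an ACCEPT for PORT
# is evaluated before the chain's catch-all REJECT/DROP.
accept_reachable() {
    awk -v chain="$2" -v port="$3" '
    BEGIN { rc = 1
            stop = "^-A " chain " -j (REJECT|DROP)"
            acc  = "^-A " chain " .*--dport " port " .*-j ACCEPT$" }
    $0 ~ stop { exit }
    $0 ~ acc  { rc = 0; exit }
    END { exit rc }' "$1"
}

# Demo on the constructed sample (no root needed, nothing is loaded):
tmp=$(mktemp) && sample_rules > "$tmp" && add_accept_rule "$tmp" RH-Firewall-1-INPUT 80
rm -f "$tmp"
```

Rules that match a specific source (for example a DROP for one address) stay ahead of the new ACCEPT, because only a rule without match criteria is treated as the catch-all. Before restarting the service, iptables-restore --test < FILE parses a candidate file without loading it.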

A note about opening a port on CentOS/RHEL 6

You can also use the iptables command as follows to open port 443:
# iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# service iptables save

A note about Red Hat Enterprise Linux 7.x and CentOS 7.x

The above commands and files won’t work on RHEL/CentOS 7.x or the latest version of Fedora Linux, which use firewalld. To see the currently open ports, type:
# firewall-cmd --list-ports
List the available zones:
# firewall-cmd --get-zones
Sample outputs:

block dmz drop external home internal public trusted work

To find the interface name, use the ip command:
$ ip a
Sample outputs:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UP qlen 1000
    link/ether 42:01:0a:80:00:04 brd ff:ff:ff:ff:ff:ff
    inet 10.128.0.4/32 brd 10.128.0.4 scope global dynamic eth0
       valid_lft 79076sec preferred_lft 79076sec
    inet6 fe80::4001:aff:fe80:4/64 scope link 
       valid_lft forever preferred_lft forever

To find the zone assigned to the eth0 interface:
# firewall-cmd --get-zone-of-interface=eth0
Sample outputs:

trusted

Type the following command to open TCP port 80 for Apache/httpd server:
# firewall-cmd --permanent --add-port 80/tcp
To list the open ports again, type:
# firewall-cmd --list-ports
Sample outputs:

1191/tcp 80/tcp 22/tcp

To open the port range 2000-3000/tcp, enter:
# firewall-cmd --permanent --add-port 2000-3000/tcp
Commands to start/stop/restart the firewall and check its status:
# systemctl start firewalld
# systemctl stop firewalld
# systemctl restart firewalld
# systemctl status firewalld
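
With --permanent, firewall-cmd changes only the saved configuration; the running firewall picks it up after a reload or restart. The sample output above also shows eth0 in the trusted zone, which accepts every connection, so no port rule is needed or enforced there. The following script is an added example (not part of the original article) that ties these steps together; the open_port function, its return codes and the FWCMD variable are assumptions of this example:

```bash
#!/bin/bash
# Added example, not from the original article.
# FWCMD is an assumption of this example: it lets the command be stubbed
# for a dry run; by default the real firewall-cmd is used.
FWCMD=${FWCMD:-firewall-cmd}

# open_port IFACE PORT/PROTO
#   returns 0 when the port is open in the running firewall,
#           2 when IFACE has no zone, 3 when its zone is "trusted".
open_port() {
    iface=$1; port=$2
    # firewall-cmd exits non-zero when the interface is bound to no zone
    zone=$($FWCMD --get-zone-of-interface="$iface" 2>/dev/null) || {
        echo "no zone bound to $iface" >&2; return 2; }
    if [ "$zone" = "trusted" ]; then
        # The trusted zone accepts every connection; a port rule changes nothing.
        echo "$iface is in zone 'trusted': nothing is being filtered" >&2
        return 3
    fi
    # 1. saved configuration, in the zone that actually filters IFACE
    $FWCMD --permanent --zone="$zone" --add-port="$port" >/dev/null || return 1
    # 2. load the saved configuration into the running firewall
    $FWCMD --reload >/dev/null || return 1
    # 3. without --permanent this queries the running configuration
    $FWCMD --zone="$zone" --query-port="$port" >/dev/null
}

# Touch the real firewall only when called with arguments, e.g.:
#   sh open_port.sh eth0 80/tcp
if [ $# -eq 2 ]; then open_port "$1" "$2"; fi
```

Refusing to act on the trusted zone is a choice made in this example so that the situation gets noticed; moving the interface to a filtering zone such as public is a separate decision.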


Verify that port is open

Run the netstat command or the ss command:
# netstat -tulpn | less
OR
# ss -tulpn | less
Make sure iptables is allowing port 80 / 110 / 143 connections by listing rules:
# iptables -L -n -v
Please refer to iptables man page for more information about iptables usage and syntax:
man iptables
man firewall-cmd

45 comments
  • Erion Budo Feb 12, 2008 @ 14:24

    Save and close the file. Restart iptables:
    # /etc/init.d/iptables restart

    How to close and save a file?????

    • Nuno Feb 17, 2011 @ 15:55

      LOL, if you can’t even navigate in a *nix environment why do you even bother with iptables?

      nevertheless you can do the following:

      1-insert rules you want
      2- press Esc
      3- press :
      4- wq
      5- Enter

  • cass Mar 19, 2008 @ 19:19

    save and close a file in VI
    hit ESC
    type :
    type x

    [ESC:X]

  • rich Oct 6, 2008 @ 17:28

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT

    hi i used this code in fedora 5 to open up the port 587 in my firewall so sendmail would work using this vi command below:

    vi /etc/sysconfig/iptables

    then i applied the changes and restarted the firewall as you mentioned above, ok popped up for all selections. did i do this ok? let me know and thanks. rich.

  • Sam Dec 1, 2008 @ 8:28

    I wonder what is happening on my newly installed centos5.2 as all connections except icmp are periodically refused (up and down in un-orderly fashion)

    Please advise what's wrong; action taken
    #service iptables stop
    #chkconfig iptables off
    #chkconfig --del iptables
    #mkdir /backup
    #mv /etc/init.d/iptables /backup/
    #mv /etc/init.d/ip6tables /backup/
    #init 6

    Yet the connection refused error keeps on happening from time to time (more frequently than connected)

  • 🐧 nixCraft Dec 1, 2008 @ 9:16

    Sam,

    You must be using another firewall script such as apf. Most hosting companies install something like this.

  • Paul May 1, 2009 @ 12:16

    Don’t forget to make sure the ACCEPT lines are before any REJECT lines

    • Moiz Kiyani Feb 8, 2012 @ 10:05

      MOVING the REJECTs to end of file or Above COMMIT Worked for me.

    • ketan Feb 9, 2012 @ 21:04

      Helped me too. Thanks

  • arijeet maji May 5, 2009 @ 6:54

    good site, helped me a lot to restart a port in linux 5

  • Craig Jun 10, 2009 @ 5:50

    An application that I use has an in-built Tcl webserver that uses ports 8015/8016. Is there a way to open these ports but at the same time restrict access to only selected IP addresses?

  • Wayne Jul 16, 2009 @ 23:33

    Sweet! I needed to open a port for the Sybase database server I installed on this box. Your instructions worked perfectly. Thanks for taking the time to post these instructions.

    Wayne

  • John Dondapati Aug 4, 2009 @ 18:06

    THank you so much buddy. That really helped.

  • Mikey Nov 10, 2009 @ 8:22

    Or, you can just run “system-config-securitylevel” and do it the easy way. :)
    I always hated iptables commands.

  • anggi May 26, 2010 @ 11:38

    thankyou now i can open port 80 :)

  • Jay Versluis Jul 19, 2010 @ 11:29

    I don’t seem to have a file called iptables.

    When I create it in /etc/sysconfig and add one of those lines at the top, I get an error upon restart saying

    “Applying iptables firewall rules: iptables-restore: line 1 failed”

    Deleting that file again and restarting the service works fine. Any ideas?

    • 🐧 nixCraft Jul 19, 2010 @ 11:55

      Add your lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain. Do not add them at the top of the file.

      • Ryan Schroeder Nov 1, 2013 @ 3:05

        For me, I needed to change the word RH-Firewall-1-INPUT to simply INPUT – I have CentOS 6.4. So, I ended up adding:

        -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

  • Jay Versluis Jul 19, 2010 @ 12:08

    Thanks Vivek–

    I found that by using “iptables -F” followed by “service iptables save” I can generate this file. It then contains several rules – however LOG and DROP are not mentioned.

    I’ve tried to add the lines in various places but get an error every time. I’m trying to accept incoming UDP traffic on a couple of ports for use with OSSEC.

  • craig Sep 10, 2010 @ 15:03

    the script line you advised for opening port 80 didn’t work for me!
    this worked

    -I INPUT -p tcp --dport 80 -j ACCEPT

    • Kunal sagar Jun 28, 2011 @ 5:07

      Thanks this one worked for me too

    • Ryan Schroeder Nov 1, 2013 @ 3:06

      Yup me too – needed to change RH-Firewall-1-INPUT to just INPUT

      -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

  • Glenndimes Jan 17, 2011 @ 0:04

    I’ve made use of this article twice in as many weeks. Thanks!

  • Anthony Jan 25, 2011 @ 5:45

    I am Trying To Install Camfrog Server ( Linux Version ) On My Linux CentOS I can Wget And Install The App But Is Stuck After This Point Does Anyone Know How to Install This App?

  • Sam Feb 2, 2011 @ 4:05

    Hi I am totally a newbie to Linux, in my office i am assigned to this task which is install redhat enterprise server 5 and open up the ports 21,22 and 23 to someone else to access the box, he also needs to export the display to his machine as well, as this sounds “GREEK” to me, i need help from you guys to get this completed. pls tell me step by step what should i do?

  • Swati Apr 5, 2011 @ 7:28

    i need to access java web service which is running on Apache in linux at port 8080 from windows.

  • chella Apr 19, 2011 @ 20:14

    Thanks a lot Vivek.

  • zahir May 5, 2011 @ 12:13

    /etc/sysconfig/iptables-config: line 42: -A: command not found
    /etc/sysconfig/iptables-config: line 43: -A: command not found

    I am getting this error ????

  • Edson Jul 7, 2011 @ 9:50

    someone from outside my network is failing to access my linux server via SSH but i can access it using Putty from within my network. Nothing has changed on my router and there is no firewall in place to block the SSH connection, how can i allow that connection, the guy can ping the server and access other ports.

  • Deb Biswas Jul 14, 2011 @ 20:13

    This information was very useful/handy to me today (2011-07-14) , 5 years after you wrote this article (SEPTEMBER 13, 2007) ! Thank you so much VIVEK GITE. Please keep posing such useful stuff. Regards.

  • wupload Jul 17, 2011 @ 9:14

    thnx man work fine

  • Renee Gailey Jul 18, 2011 @ 7:23

    I edited my /etc/sysconfig/iptables file. adding in the ports I needed to open. I successfully saved and closed the file, verifying the ports were added to file by viewing the iptables file. I then went to restart it with commands listed above. I kept getting command not found. The first line of the file reads: # Firewall configuration written by system-config-securitylevel
    I am running RH Linux 2.6.18-53.el5. How do I stop and start the iptables process so the additional ports will take effect?

  • Pao Sep 13, 2011 @ 1:47

    Thanks Vivek!

  • Kyle Durelle Sep 16, 2011 @ 14:00

    Can somebody help me? im trying these methods and they dont work

    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Unloading modules: [ OK ]
    iptables: Applying firewall rules: iptables-restore: line 10 failed
    [FAILED]
    [root@ sysconfig]# nano iptables

    and this is what i have in the file

    # Generated by iptables-save v1.4.7 on Fri Sep 16 10:50:02 2011
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [13:1276]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INOUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Fri Sep 16 10:50:02 2011

  • Kyle Durelle Sep 16, 2011 @ 14:02

    There was a TYPO my bad but i still cant get port 80 to listen.

    iptables: Flushing firewall rules: [ OK ]
    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Unloading modules: [ OK ]
    iptables: Applying firewall rules: [ OK ]
    [root@ sysconfig]# telnet localhost 80
    Trying ::1…
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1…

  • Kyle Durelle Sep 16, 2011 @ 14:35

    sorry for the triple post after much googling and router configurations i figured it out

  • farrukh Oct 6, 2011 @ 15:25

    hi, thanks a bunch for an informative article. you literally saved my day today.
    thanks again.

  • Owais Akhlaq Oct 12, 2011 @ 8:35

    Dear All,

    I have installed a sever with CentOS 6.0 and then installed mySQL and PHP in it. Then i installed CPanel in it. After rebooting the system, my Login screen is disabled and i can only login via Putty software on port 22 , and can only see a console screen.
    My question is:
    How can i gain access to my cpanel ? i read in articles that cpanel is accessed via 2082 and 2083 ports. But both are seemed to be blocked.

    Thanks in advance. Please help

  • srqwebguy Dec 28, 2011 @ 15:12

    Terrific info. Very helpful. Thanks.

  • BBa Feb 12, 2012 @ 13:06

    thanks a lot. it worked perfectly
    God bless

  • cse Sep 6, 2012 @ 14:24

    Great !

    Thanks a lot !

  • Shrui Dec 6, 2012 @ 16:21

    Thank you so much dude. Both obvious and hard to troubleshoot that shit. God bless you :D

  • space Aug 8, 2014 @ 2:17

    Unless I am mistaken/wrong, Fedora 20 does not appear to have the /etc/sysconfig/iptables file. Locally (Fedora 20), I find of similar appearance an /etc/sysconfig/iptables-config file; the append steps listed in this article do not appear to logically fit the syntax of the /etc/sysconfig/iptables-config file.

    Will someone correct me, or may I put in a request for an updated version of this article? Many thanks!!

  • kobos Feb 26, 2015 @ 18:27

    thanks man very useful, resolved my problem

  • sajedul karim Jun 18, 2015 @ 20:08

    Sir You save my life using this command
    “-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT”
