How to open a TCP port 43 for whois command using iptables

Do you need to open TCP port 43 with the iptables command so that the whois command can reach whois servers? Fear not. You can add a rule to allow incoming or outgoing traffic on that specific port. Here is an example of how to do it.


How to open a TCP port 43 for whois command using iptables

  1. Open a Linux or Unix terminal application.
  2. Type the following iptables command to list the current iptables rules. For example:
    $ sudo iptables -L
    $ sudo ip6tables -L
    $ sudo iptables-save | grep -i '43'
    $ sudo ip6tables-save | grep -i '43'
  3. You need to find the rule that allows traffic on TCP port # 43. If you don’t see a rule for port 43, you will need to add one to open communication for the whois command.
  4. To create a new rule for TCP port # 43, run the following command as the root user:
    $ sudo iptables -A INPUT -p tcp --dport 43 -j ACCEPT
    $ sudo ip6tables -A INPUT -p tcp --dport 43 -j ACCEPT
  5. You can also add a comment to the iptables rule. For instance:
    $ sudo iptables -A INPUT -p tcp --dport 43 -m comment --comment "Open whois access: " -j ACCEPT
  6. Next, you need to save the changes to the iptables rules. For example:
    $ sudo iptables-save > /etc/iptables/rules.v4
    $ sudo ip6tables-save > /etc/iptables/rules.v6

How does it work?

Here is a brief explanation of the commands used in this blog post.

  • sudo iptables -L : Run this command to list the current IPv4 iptables rules.
  • sudo iptables -A INPUT -p tcp --dport 43 -j ACCEPT : This command creates a new rule that allows traffic on port 43.
  • sudo iptables-save > /etc/iptables/rules.v4 : Use the iptables-save command to save the changes to the iptables IPv4 rules to a file named /etc/iptables/rules.v4.

How do I find out which port needs to be opened or closed for whois?

Query the /etc/services using the grep command or egrep command as follows:
$ grep -E -w '43/(tcp|udp)' /etc/services
## OR ##
$ grep -w 'whois' /etc/services

Outputs:

whois		43/tcp		nicname

Opening outgoing TCP/43 port for the whois command communication

The syntax is as follows for outgoing traffic on TCP port 43. Type:
$ sudo iptables -L
# creates a new rule for outgoing traffic on TCP/43 port
$ sudo iptables -A OUTPUT -p tcp --dport 43 -j ACCEPT
$ sudo ip6tables -A OUTPUT -p tcp --dport 43 -j ACCEPT
$ sudo iptables-save > /etc/iptables/rules.v4
$ sudo ip6tables-save > /etc/iptables/rules.v6
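As an added example (not from the original post), here is a small POSIX shell audit that reads the text produced by iptables-save, checks whether OUTPUT already accepts TCP/43 and whether INPUT lets the conntrack ESTABLISHED replies back in (the whois answer returns on the same connection, so a default-DROP INPUT policy needs that rule too), and prints idempotent -C/-A commands for whatever is missing. The SAMPLE_RULES ruleset is constructed for offline testing and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: audit a saved iptables ruleset for
# what an outgoing whois client actually needs, then print idempotent commands.

# Constructed sample of `iptables-save` output (not a real host): default-DROP
# policies, DNS allowed out, but nothing yet for TCP/43.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT'

# has_whois_rule CHAIN RULESET: succeed if CHAIN already accepts TCP dport 43.
has_whois_rule() {
    printf '%s\n' "$2" | grep -Eq "^-A $1 "'.*-p tcp .*--dport 43( |$).*-j ACCEPT'
}

# accepts_established CHAIN RULESET: succeed if CHAIN lets conntrack reply
# packets through (the whois answer comes back on the same TCP connection).
accepts_established() {
    printf '%s\n' "$2" | grep -Eq "^-A $1 "'.*--ctstate [A-Z,]*ESTABLISHED.*-j ACCEPT'
}

# plan_whois_rules RULESET: print one command per missing rule. Each line runs
# -C (check) first so that re-running the plan never duplicates a rule.
plan_whois_rules() {
    rules=$1
    if ! has_whois_rule OUTPUT "$rules"; then
        echo 'iptables -C OUTPUT -p tcp --dport 43 -j ACCEPT 2>/dev/null || iptables -A OUTPUT -p tcp --dport 43 -j ACCEPT'
    fi
    if ! accepts_established INPUT "$rules"; then
        echo 'iptables -C INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    fi
}

# Offline demo on the constructed sample: prints only the OUTPUT command,
# because INPUT already accepts ESTABLISHED replies.
plan_whois_rules "$SAMPLE_RULES"
# Live use on a real host (needs root): plan_whois_rules "$(sudo iptables-save)"
```

Run the printed commands as root, then save the ruleset with iptables-save as shown above; the same plan works for ip6tables-save by swapping the binary name.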

On the latest Linux distros, ufw or firewalld might not use iptables. Instead, they might use nftables, the successor to iptables.

A note about the ufw command

Open TCP port 43 using ufw as follows on a Debian or Ubuntu Linux:
$ sudo ufw allow 43/tcp
Verify that the rule was added successfully.
$ sudo ufw status verbose
To open outgoing TCP port 43, type:
$ sudo ufw allow out 43/tcp

A note about the firewall-cmd command (Firewalld)

Here is how to open TCP port 43 for whois communication using Firewalld on a CentOS, RHEL, Fedora, SUSE, OpenSUSE, Alma, Rocky and Oracle Linux:
$ sudo firewall-cmd --state
$ sudo firewall-cmd --permanent --add-port=43/tcp
$ sudo firewall-cmd --reload

Or you can use the following syntax:
$ sudo firewall-cmd --permanent --add-service=whois
$ sudo firewall-cmd --reload

Test it

Run the whois as follows:
$ whois {your-domain-here}
$ whois nixcraft.com

Here is what you can see:

   Domain Name: NIXCRAFT.COM
   Registry Domain ID: 86442648_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.namecheap.com
   Registrar URL: http://www.namecheap.com
   Updated Date: 2023-05-19T17:28:21Z
   Creation Date: 2002-05-10T07:28:24Z
   Registry Expiry Date: 2025-05-10T07:28:24Z
   Registrar: NameCheap, Inc.
   Registrar IANA ID: 1068
   Registrar Abuse Contact Email: abuse@namecheap.com
   Registrar Abuse Contact Phone: +1.6613102107
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS-1014.AWSDNS-62.NET
   Name Server: NS-1435.AWSDNS-51.ORG
   Name Server: NS-1885.AWSDNS-43.CO.UK
   Name Server: NS-497.AWSDNS-62.COM
   DNSSEC: signedDelegation
   DNSSEC DS Data: 22797 13 2 5511825786AEB3B9BFB84ACBFA8F4D26E6B8DA28B5FAA49400E627FD2F911721
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2023-07-17T20:10:04Z <<<
 
For more information on Whois status codes, please visit https://icann.org/epp
 
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
....
..

If your firewall rules are not set correctly, whois returns no data and an error is displayed as follows:

Timeout.

Summing up

I hope this helps to open TCP port 43 for whois command communication. Read the following manual pages using the man command or help command for more info. For example:
$ man iptables
$ man ip6tables
$ man iptables-save
$ man ip6tables-save
