Knowing how to open a port on Linux is a fundamental skill for hosting web servers, databases, game servers, APIs, or any custom application that needs incoming connections. In 2025–2026, with stricter security defaults and nftables gaining adoption, correctly opening ports while maintaining a secure posture is more important than ever.
This detailed guide shows you how to open a port on Linux safely using the most popular tools: ufw (Ubuntu/Debian), firewalld (RHEL/CentOS/Rocky/Fedora), and iptables/nftables. You’ll also learn how to check open ports on Linux, test connectivity, make rules persistent, and follow security best practices to avoid exposing your system unnecessarily.
Key Takeaways – How to Open a Port on Linux
- Check open ports on Linux first with ss -lntu or netstat -lntu to avoid conflicts.
- Well-known ports (0–1023) are reserved; use 1024+ for custom services when you open a port on Linux.
- ufw open port commands are simplest for Ubuntu/Debian users.
- firewalld add port with --permanent ensures rules survive reboots on RHEL-based systems.
- iptables open port offers maximum control but requires persistence tools.
- Test every change with nc, telnet, or nmap—opening a firewall port alone does not start a service.
- Always follow least-privilege: restrict source IPs, use default-deny, monitor logs.
Prerequisites
- Linux server (Ubuntu 22.04/24.04, Rocky Linux 9, Fedora, Debian, etc.)
- sudo/root access
- Basic terminal knowledge
Step 1: Check Open Ports on Linux Before Making Changes
Never open a port on Linux without first auditing what’s already listening.
Recommended 2025+ command:
sudo ss -lntup
- -l = listening only
- -n = numeric ports/IPs
- -t = TCP
- -u = UDP
- -p = show process/PID
Alternative (if ss not available):
sudo netstat -lntup
Check if your desired port (example: 4000) is free:
sudo ss -lntu | grep -E ':4000([[:space:]]|$)' # exact match; a plain ":4000" would also match :40000
No output = port is available to open on Linux.
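The same check as an added example (not part of the original guide): it compares the port exactly and also reports whether each listener is bound to loopback or to every interface, which decides whether a firewall rule would expose it. The function name and the sample `ss` output are constructed for illustration.

```bash
# Constructed sample of `ss -lntu` output (not captured from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:40000    0.0.0.0:*
tcp   LISTEN 0      4096   [::]:4000          [::]:*
tcp   LISTEN 0      4096   192.168.1.10:5432  0.0.0.0:*'

# classify_listeners PORT
# Reads `ss -lntu` output on stdin and prints "proto address scope"
# for every socket listening on exactly PORT. No output = port is free.
classify_listeners() {
    awk -v want="$1" '
        $1 == "Netid" { next }                  # skip the header line
        {
            ep = $5                             # "Local Address:Port" column
            pos = match(ep, /:[0-9]+$/)         # position of the final ":port"
            if (pos == 0) next
            port = substr(ep, pos + 1)
            addr = substr(ep, 1, pos - 1)
            if (port != want) next              # exact comparison, so 40000 != 4000

            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /%lo$/)
                scope = "loopback"              # reachable from this host only
            else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
                scope = "all-interfaces"        # reachable wherever the firewall allows
            else
                scope = "single-address"        # bound to one specific address
            print $1, addr, scope
        }'
}

# Against the sample; on a live system use: sudo ss -lntu | classify_listeners 4000
printf '%s\n' "$SAMPLE_SS" | classify_listeners 4000
```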
Step 2: How to Open a Port on Linux (TCP Port 4000 Example)
Choose a free port above 1023.
Option A: ufw open port (Ubuntu / Debian / Mint)
sudo ufw allow 4000/tcp # Single TCP port
# or range:
sudo ufw allow 4000:4010/tcp
sudo ufw reload
sudo ufw status numbered # or: sudo ufw status verbose
ufw rules are persistent by default.
Option B: firewalld add port (CentOS / RHEL / Rocky / Fedora / AlmaLinux)
sudo firewall-cmd --permanent --add-port=4000/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports
# or with zone:
sudo firewall-cmd --permanent --zone=public --add-port=4000/tcp
Option C: iptables open port (Any distro – legacy / advanced)
sudo iptables -A INPUT -p tcp --dport 4000 -j ACCEPT
# Better: insert at the top so the rule is evaluated before any existing DROP/REJECT rule (use one of the two commands, not both)
sudo iptables -I INPUT 1 -p tcp --dport 4000 -j ACCEPT
sudo iptables -L -v -n
Persist iptables:
# Ubuntu/Debian
sudo apt update && sudo apt install iptables-persistent
sudo netfilter-persistent save
Step 3: Test If the Port Is Successfully Opened on Linux
The firewall rule only permits traffic; a service must still bind to the port and listen on it.
1. Start temporary listener:
nc -l -p 4000 # OpenBSD netcat: nc -l 4000
2. Connect locally or remotely:
telnet localhost 4000
# or from another machine:
telnet your-server-ip 4000
3. Scan with nmap:
sudo nmap -p 4000 localhost
# or remote:
nmap your-server-ip -p 4000
Look for open state when a listener is active.
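When neither telnet nor nmap is installed on the client, the three outcomes can still be told apart with bash alone. This is an added example, not part of the original guide; the function name `probe_port` and the default timeout are illustrative choices.

```bash
# probe_port HOST PORT [TIMEOUT_SECONDS]  ->  prints open | closed | filtered
probe_port() {
    host=$1 port=$2 wait=${3:-3}
    rc=0
    # bash's /dev/tcp pseudo-device performs an ordinary TCP connect().
    timeout "$wait" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;      # handshake completed: the rule allows it and a service is listening
        124) echo filtered ;;  # no answer before the timeout: packets are probably being dropped
        *)   echo closed ;;    # refused: traffic gets through (or is REJECTed) but nothing accepts it
                               # (a host name that does not resolve also lands here)
    esac
}

# Example: probe_port your-server-ip 4000
```

A result of closed after adding the firewall rule points at the service (not started, or bound to 127.0.0.1 only); filtered points at a firewall or security group still dropping the traffic.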
Step 4: Persisting Rules When You Open a Port on Linux
- ufw: Automatic persistence
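- firewalld: Use --permanent + --reload
- iptables: iptables-persistent, or sudo sh -c 'iptables-save > /etc/iptables.rules' and restore the file at boot with iptables-restore
- nftables (modern replacement, Ubuntu 22.04+/Fedora):
# assumes the inet filter table and its input chain already exist
sudo nft add rule inet filter input tcp dport 4000 accept
# the redirect must run as root, so pipe through sudo tee
sudo nft list ruleset | sudo tee /etc/nftables.conf > /dev/null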
Linux Firewall Tools Comparison (2025–2026)
| Tool | Best For | Ease of Use | Persistence | Example to Open Port 4000 |
|---|---|---|---|---|
| ufw | Ubuntu/Debian beginners | ★★★★★ | Built-in | sudo ufw allow 4000/tcp |
| firewalld | RHEL/CentOS/Rocky enterprise | ★★★★☆ | --permanent | sudo firewall-cmd --permanent --add-port=4000/tcp |
| iptables | Fine-grained control | ★★☆☆☆ | Manual/tool | sudo iptables -A INPUT -p tcp --dport 4000 -j ACCEPT |
| nftables | Modern systems (future) | ★★★☆☆ | Config file | sudo nft add rule inet filter input tcp dport 4000 accept |
Common Mistakes When Opening a Port on Linux
- Forgetting to start a listening service → port shows filtered/closed in scans.
- Not using --permanent in firewalld → rule disappears after reboot.
- Opening without checking existing ports → conflict or security hole.
- Exposing sensitive ports publicly (3306 MySQL, 6379 Redis) → use VPN/SSH tunnel.
- No source restriction → add -s 192.168.1.0/24 or equivalent.
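The source-restricted form of the port 4000 rule for each of the four tools, as an added example that is not part of the original guide. The helper name `restricted_rule` is hypothetical; it only prints the command for review and handles IPv4 sources, and the nftables line assumes the same `inet filter` table and `input` chain used elsewhere on this page.

```bash
# restricted_rule TOOL CIDR PORT
# Prints (does not run) the command that allows TCP PORT only from CIDR.
restricted_rule() {
    tool=$1 src=$2 port=$3

    # Port must be an integer in 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi

    # A /0 or "any" source is the unrestricted rule this helper exists to avoid.
    case $src in
        ''|any|*/0) echo "refusing unrestricted source: $src" >&2; return 2 ;;
        *[!0-9./]*|*/*/*) echo "not an IPv4 address or CIDR: $src" >&2; return 2 ;;
    esac

    case $tool in
        ufw)
            printf '%s\n' "sudo ufw allow from $src to any port $port proto tcp" ;;
        firewalld)
            # follow with: sudo firewall-cmd --reload
            printf '%s\n' "sudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" port port=\"$port\" protocol=\"tcp\" accept'" ;;
        iptables)
            printf '%s\n' "sudo iptables -I INPUT 1 -p tcp -s $src --dport $port -j ACCEPT" ;;
        nftables)
            printf '%s\n' "sudo nft add rule inet filter input ip saddr $src tcp dport $port accept" ;;
        *)
            echo "unknown tool: $tool" >&2; return 2 ;;
    esac
}

# Example: restricted_rule ufw 192.168.1.0/24 4000
```

The restriction only takes effect if no unrestricted rule for the same port remains, so delete an earlier `allow 4000/tcp` style rule before relying on it.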
How to Open a Port on Linux – FAQ (2025–2026)
- How do I open a port on Linux? Use ufw, firewalld, or iptables (see Step 2 above).
- How to check open ports on Linux? sudo ss -lntup or sudo nmap -p- localhost.
- How to open port 22/443 on Linux? sudo ufw allow 22 / sudo ufw allow 443/tcp.
- Can I open a range of ports on Linux? Yes: sudo ufw allow 8000:9000/tcp or firewalld equivalent.
- Why is the port still closed after I open it on Linux? No process is listening—use nc -l -p port to test.
- Is it safe to open a port on Linux? Only if you open just the necessary ports, restrict sources, and monitor with fail2ban/auditd.
Summary
You now know exactly how to open a port on Linux securely and persistently using ufw, firewalld, iptables, or nftables. Always check open ports on Linux first, test with nc/nmap/telnet, restrict access, and audit regularly to keep your system secure.