In Linux, ports facilitate the communication of services over a network. The Linux services that accept incoming traffic (such as a web server) will listen for connections on a specific port. This port must be exposed in order for the service to receive the incoming connections.
However, there are times when we might be forced to close a specific port. For example, a service might be vulnerable due to poor configuration. As a result, attackers could take advantage of this compromise to exploit this service using its associated port. This is possible since most services usually have predefined ports they listen on – like SSH with port 22, HTTP with port 80, and many others. Therefore, it’s important we understand how to close an open port for security reasons.
So, to solve this issue, there is the option to block all ports by default and then open the specific port we’re interested in. However, we’ll take a different approach. In this tutorial, we’ll discuss how we can close a specific port from the Linux command line.
2. Displaying All Active Ports in Linux
$ sudo ss -tulpn | grep LISTEN tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=767,fd=14)) tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=931,fd=8)) tcp LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=58147,fd=7),("nginx",pid=58146,fd=7),("nginx",pid=58145,fd=7),("nginx",pid=58144,fd=7),("nginx",pid=58143,fd=7)) tcp LISTEN 0 50 *:1716 *:* users:(("kdeconnectd",pid=1869,fd=21)) tcp LISTEN 0 128 [::1]:631 [::]:* users:(("cupsd",pid=931,fd=7))
In the example above, we’re using the ss command with a number of options:
- -t – show all the TCP ports
- -u – present all the UDP ports
- -l – display listening ports
- -p – provide a service name and process ID (PID)
- -n – no use of DNS
These options provide the ss command with the additional instructions needed to help customize the output.
Now, let’s see how we can use this output in the closing of a specific port.
3. Closing a Specific Port With the systemctl Command
In this section, we’ll work with the systemctl command, which comes preinstalled in Linux.
The systemctl command provides an abstraction that allows system administrators to easily manage services. This means that we can use systemctl to start and stop services on our system. When we prevent a service from running, the port it was listening on is also closed.
Now, let’s work on closing port 80, which is currently open as per the output in the previous section. This means that we need to stop the Nginx service:
$ sudo systemctl stop nginx
Here, we’ve been able to terminate the Nginx service. However, this service will start again as soon as the system boots. Therefore, we need to make sure that this service remains disabled:
$ sudo systemctl disable nginx ... Executing: /lib/systemd/systemd-sysv-install disable nginx Removed /etc/systemd/system/multi-user.target.wants/nginx.service.
In the example above, we ensure that when we stop the Nginx service, it can’t start automatically after the system boot.
In this article, we discussed how to use the ss command to show active ports in Linux. Then, we used this output to select a specific port to work with. As a result, we were able to close that specific port with the help of the systemctl command.