Managing VPS Ports for Security and Stability

🔹 Why It Matters

Ports are the “entry points” to your server — they handle connections for SSH, RDP, and web services.
Leaving unnecessary ports open can expose your system to attacks.
That’s why it’s essential to monitor which ports are open, which are closed, and which applications use them.

🧩 1. Checking Open Ports

🔸 On Linux VPS

sudo ss -tulnp

or

sudo netstat -tulnp

🔸 On Windows VPS

netstat -ano | find "LISTEN"

🧩 2. Opening and Closing Ports in Linux

🔸 Using UFW (Ubuntu/Debian)
Check status:

sudo ufw status

Close port:

sudo ufw deny 8080

Open port:

sudo ufw allow 22

Reload rules:

sudo ufw reload

🔸 Using iptables (universal method)
View active rules:

sudo iptables -L -n -v

Close port (example: 8080):

sudo iptables -A INPUT -p tcp --dport 8080 -j DROP

Open port:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Save rules:

sudo netfilter-persistent save

or

sudo service iptables save

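💡 iptables is a powerful tool that works well on a VPS without a GUI. Rules are evaluated in order and -A appends to the end of the chain, so a new rule has no effect if an earlier rule already matches the same traffic. Check the rule order with the view command above before and after a change.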

🔸 Using firewalld (CentOS, RHEL, Fedora)
Start the service:

sudo systemctl start firewalld

sudo systemctl enable firewalld

View zones:

sudo firewall-cmd --get-active-zones

Close port:

sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent

Open port:

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

Apply changes:

sudo firewall-cmd --reload

🧩 3. Configuring Ports on Windows VPS

  1. Open Control Panel → Windows Defender Firewall → Advanced settings
  2. In the left menu, select Inbound Rules
  3. Click New Rule…
  4. Choose Port → Next
  5. Enter the port number (e.g., 3389)
  6. Select:
    • Allow the connection, to open the port
    • Block the connection, to close the port
  7. Name the rule → Finish

🧩 4. Verifying Changes

Linux:

sudo ufw status numbered

sudo iptables -L -n -v

sudo firewall-cmd --list-all

Windows:

Open Monitoring in the Windows Defender Firewall Advanced settings window

External check (run from a different machine, so the scan passes through the firewall):

nmap your_server_ip

🧩 5. Security Tips

  • Avoid opening unnecessary ports
  • Use a non-standard SSH port (e.g., 2222)
  • Protect SSH access with Fail2Ban
  • Regularly review your open ports
  • Use UFW or firewalld for simplicity; reserve iptables for complex setups