Why are my ports closed after a reboot?

Linode Staff

After my Linode was rebooted, I'm no longer able to access my services. nmap is showing that my firewall ports are closed. What happened, and how do I fix it?

2 Replies

Generally speaking, if your ports were open, but are closed after a reboot, it indicates that your firewall rules were set, but not configured to persist through a reboot.

If you're using a distribution that uses FirewallD, such as CentOS, you'll want to use the --permanent flag with the firewall-cmd command. For example, to open a TCP port for public traffic and have it persist through a reboot, you can issue the following command, where $port_number is the port you are opening:

sudo firewall-cmd --zone=public --add-port=$port_number/tcp --permanent

Don't forget to reload your firewall's ruleset after adding any rules you need:

sudo firewall-cmd --reload

Otherwise, if your distribution uses iptables, like Debian-based distributions, you can open the needed ports with commands like the following, where $protocol is either tcp or udp, and $port is the port number you are opening:

sudo iptables -A INPUT -p $protocol --dport $port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

You'll then need to set the rules to persist through a reboot:

sudo apt-get install iptables-persistent

If you have a bunch of ports to open, then to simplify the task, you could use a script like the following:

#!/usr/bin/env bash

# Hold ports to open in an array
# Replace 1 2 3 4 5 with the port numbers you need opened for each protocol:
declare -a tcp_ports=(1 2 3 4 5)
declare -a udp_ports=(1 2 3 4 5)

# Open the ports using the appropriate tool for your OS, as determined by
# evaluating '/etc/os-release'. There's probably a better way to do this,
# but it works for Linode's Debian and RedHat images
if grep -qi 'debian' /etc/os-release; then
    # Each loop variable holds a port number from the array, not an index
    for port in "${tcp_ports[@]}"; do
        sudo iptables -I INPUT -p tcp --dport "$port" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    done
    for port in "${udp_ports[@]}"; do
        sudo iptables -I INPUT -p udp --dport "$port" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    done

    # Persist rules through a reboot
    # You'll need to watch this part in Lish, as it uses a GUI and
    # requires user input
    sudo apt-get install iptables-persistent
elif grep -qi 'redhat' /etc/os-release; then
    # Open all TCP ports specified above
    for port in "${tcp_ports[@]}"; do
        sudo firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
    done

    # Open all UDP ports specified above
    for port in "${udp_ports[@]}"; do
        sudo firewall-cmd --zone=public --add-port="${port}/udp" --permanent
    done

    # Reload the firewall
    sudo firewall-cmd --reload
fi

There are also other firewalls available, so if you are using something else, then the steps may be different for you.
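
Added example, not part of the answer above and not Linode's own code: a way to spot rules that exist only at runtime, and so would disappear on the next reboot, by comparing the live ruleset with the persisted one. The function names are hypothetical and the sample data is constructed; /etc/iptables/rules.v4 is assumed to be where iptables-persistent keeps the saved IPv4 rules.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical; sample data is constructed.

# Print ports present in the runtime list but missing from the permanent
# list. Both arguments are space-separated, as `firewall-cmd --list-ports`
# prints them (for example "80/tcp 443/tcp").
runtime_only_ports() (
    runtime=$1 permanent=$2
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;                # also permanent: survives a reboot
            *) printf '%s\n' "$p" ;;    # runtime only: gone after a reboot
        esac
    done
)

# Print "-A ..." rules found in live `iptables-save` output ($1) that are
# absent from the saved ruleset text ($2).
unsaved_iptables_rules() (
    live=$1 saved=$2
    printf '%s\n' "$live" | while IFS= read -r rule; do
        case $rule in
            -A*) printf '%s\n' "$saved" | grep -qxF -e "$rule" ||
                     printf '%s\n' "$rule" ;;
        esac
    done
)

# Constructed sample: port 443 was opened with `iptables -A` but never saved.
SAMPLE_LIVE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'
SAMPLE_SAVED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

echo "firewalld, runtime only:"
runtime_only_ports "80/tcp 443/tcp 8080/tcp" "80/tcp 443/tcp"
echo "iptables, not saved:"
unsaved_iptables_rules "$SAMPLE_LIVE" "$SAMPLE_SAVED"

# On a live host, feed in real output instead:
#   runtime_only_ports "$(sudo firewall-cmd --zone=public --list-ports)" \
#       "$(sudo firewall-cmd --permanent --zone=public --list-ports)"
#   unsaved_iptables_rules "$(sudo iptables-save)" \
#       "$(sudo cat /etc/iptables/rules.v4)"
```

Empty output from either function means every runtime rule is also persisted; anything printed needs to be made permanent before the next reboot.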

What is the default in Ubuntu? I was using ports without opening them before I upgraded to the latest Ubuntu version, but now I can't use them. I tried "ufw disable", but that had no effect.
