
Open or close server ports

Open server ports for remote access

IMPORTANT: Making this application’s network ports public is a significant security risk. You are strongly advised to only allow access to those ports from trusted networks. If, for development purposes, you need to access from outside of a trusted network, please do not allow access to those ports via a public IP address. Instead, use a secure channel such as a VPN or an SSH tunnel. Follow these instructions to remotely connect safely and reliably.

By default, the Bitnami virtual machine’s firewall is configured to allow access to the SSH port and to any ports the application requires. This means that ports 80, 443 and 22 are usually open by default.

To open a different port:

  • Log in to the server console.

  • Check which firewall program is installed in your system:

      $ sudo which nft >/dev/null && echo nftables is enabled in this system || echo ufw is enabled in this system
    
  • If ufw is the firewall program enabled in your machine, execute the following command to open a different port, replacing the PORT placeholder with the number of the port to be opened:

      $ sudo ufw allow PORT
    
  • If nft is the firewall program enabled in your machine, modify the /etc/nftables.conf file and add the following line inside the chain inbound block, replacing the PORT placeholder with the number of the port to be opened:

      chain inbound {
          ...
          tcp dport PORT accept
      }
    

    More information about modifying the firewall configuration is available on the nftables Wiki.

Close server ports and deny remote access

By default, the Bitnami virtual machine’s firewall is configured to allow access to the SSH port and to any ports the application requires. This means that ports 80, 443 and 22 are usually open by default.

To close an open port:

  • Log in to the server console.

  • Check which firewall program is installed in your machine:

      $ sudo which nft >/dev/null && echo nftables is enabled in this system || echo ufw is enabled in this system
    
  • If ufw is the firewall program enabled in your machine, execute the following command to close a port, replacing the PORT placeholder with the number of the port to be closed:

      $ sudo ufw deny PORT
    

    More information about modifying the firewall configuration is available on the Debian Wiki.

  • If nft is the firewall program enabled in your machine, open the /etc/nftables.conf file and locate the following line inside the chain inbound block, where PORT is the number of the port to be closed:

      chain inbound {
          ...
          tcp dport { 22, ..., PORT } accept
      }
    

    Edit the line to remove the port to be closed:

      chain inbound {
          ...
          tcp dport { 22, ... } accept
      }
    

    More information about modifying the firewall configuration is available on the nftables Wiki.
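
After editing /etc/nftables.conf to open or close a port as described above, it helps to confirm which TCP ports the chain inbound block actually accepts. The script below is an added example, not part of the Bitnami documentation; the function names inbound_ports, port_is_accepted and sample_conf are hypothetical, the sample configuration is constructed, and each rule is assumed to sit on a single line as in the snippets above.

```shell
#!/bin/sh
# Added example: audit the TCP ports accepted by "chain inbound" in an nftables config.
# Named services (e.g. "ssh") are listed as written but not resolved to numbers.

inbound_ports() {   # usage: inbound_ports /etc/nftables.conf   ("-" reads stdin)
    awk '
        { sub(/#.*/, "") }                                   # ignore comments
        /^[ \t]*chain[ \t]+inbound[ \t]*[{]/ { in_chain = 1; next }
        in_chain && /^[ \t]*[}]/             { in_chain = 0 }
        in_chain && /tcp[ \t]+dport/ && /accept/ {
            spec = $0
            sub(/.*dport[ \t]*/, "", spec)                   # keep what follows "dport"
            if (spec ~ /^[{]/) { sub(/^[{]/, "", spec); sub(/[}].*/, "", spec) }
            else               { sub(/[ \t].*/, "", spec) }  # single port or range
            gsub(/,/, " ", spec)
            n = split(spec, p, " ")
            for (i = 1; i <= n; i++) print p[i]
        }
    ' "$1" | sort -n | uniq
}

port_is_accepted() {   # usage: port_is_accepted FILE PORT ; exit status 0 if accepted
    inbound_ports "$1" | awk -v port="$2" -F- '
        NF == 1 && $1 == port                            { found = 1 }
        NF == 2 && port + 0 >= $1 + 0 && port + 0 <= $2 + 0 { found = 1 }  # range a-b
        END { exit !found }
    '
}

sample_conf() {   # constructed sample, not a real Bitnami configuration
    cat <<'EOF'
table inet filter {
    chain inbound {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        tcp dport { 22, 80, 443, 8080 } accept   # 8080 added for a test
        ip saddr 192.0.2.0/24 tcp dport 5432 accept
        tcp dport 9000-9010 accept
    }
    chain forward {
        tcp dport 9999 accept
    }
}
EOF
}

# Demo on the constructed sample: prints one accepted port or range per line.
sample_conf | inbound_ports -
```

On a real machine, run `inbound_ports /etc/nftables.conf` after the edit; `sudo nft -c -f /etc/nftables.conf` checks the file's syntax without applying it.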

Last modification February 6, 2023