How to Configure and Close Ports on a VPS Server

🔹 Why it’s important

Ports are the “entry points” for connections to your server.
Leaving unnecessary ones open increases the risk of unauthorized access or attacks.
You should always control which ports are open, which are closed, and which services are using them.

🧩 1. Check Open Ports

🔸 On Linux VPS

sudo ss -tulnp

or

sudo netstat -tulnp

🔸 On Windows VPS

netstat -ano | findstr LISTENING

🧩 2. Close and Open Ports on Linux

🔸 Option 1: Using UFW (Ubuntu/Debian)

Check status:

sudo ufw status

Close port:

sudo ufw deny 8080

Open port:

sudo ufw allow 22

Reload rules:

sudo ufw reload

🔸 Option 2: Using iptables (universal method)

View current rules:

sudo iptables -L -n -v

Close port:

sudo iptables -A INPUT -p tcp --dport 8080 -j DROP

Open port:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Save rules:

sudo netfilter-persistent save

or

sudo service iptables save

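💡 Tip: iptables is very flexible and lightweight, which makes it a good fit for servers without a GUI. Rules are evaluated in order and -A appends to the end of the chain, so a DROP or ACCEPT added this way has no effect if an earlier rule already matches the same traffic. Check the order with the listing command above, and use -I instead of -A when the rule must go at the top.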

🔸 Option 3: Using firewalld (CentOS, RHEL, Fedora)

Start service:

sudo systemctl start firewalld
sudo systemctl enable firewalld

List active zones:

sudo firewall-cmd --get-active-zones

Close port (this removes a port that was previously opened with --add-port):

sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent

Open port:

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent

Apply changes:

sudo firewall-cmd --reload

🧩 3. Configure Ports on Windows VPS

  1. Open Control Panel → Windows Defender Firewall → Advanced settings
  2. In the left menu, select Inbound Rules
  3. Click New Rule…
  4. Choose Port → Next
  5. Enter the port number (e.g., 3389)
  6. Choose:
    • Allow the connection — to open
    • Block the connection — to close
  7. Name the rule → Finish

🧩 4. Verify the Changes

Linux:

sudo ufw status numbered
sudo iptables -L -n -v
sudo firewall-cmd --list-all

Windows:
Check under Firewall → Monitoring

External check (run from a different machine, so the scan passes through the firewall):

nmap your_server_ip

🧩 5. Security Tips

  • Keep only required ports open
  • Change the default SSH port (e.g., 2222)
  • Use Fail2Ban for brute-force protection
  • Regularly audit your firewall rules
  • Prefer UFW or firewalld for ease of use
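
The audit described in sections 1 and 5, as an added example that is not part of the original guide: the script reads `ss -tulnH` output and lists every listener bound to a non-loopback address whose port is not on an allowlist. The allowlist (22, 80, 443), the function names and the embedded sample output are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: list listeners reachable from outside that are not allowlisted.

# Ports this server is meant to expose (assumed policy for the example).
ALLOWED_PORTS="22 80 443"

# Constructed sample of `ss -tulnH` output (no header line), used so the
# script runs anywhere; it is not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      511                *:8080            *:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
EOF
}

# Reads `ss -tulnH` lines on stdin; prints "proto local_addr:port" for each
# listener that is not loopback-only and whose port is not in ALLOWED_PORTS.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    NF >= 5 {
        laddr = $5                      # column 5 is Local Address:Port
        port = laddr
        sub(/.*:/, "", port)            # keep what follows the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        if (!(port in ok)) print $1, laddr
    }' | sort -u
}

# On a real server run:  sudo ss -tulnH | unexpected_listeners
sample_ss_output | unexpected_listeners
```

Each line it prints is a candidate for a firewall rule from section 2, or for stopping the service or binding it to 127.0.0.1.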