How to block specific ports on Linux

You may have some open ports on your Linux desktop PC that you do not want other users on the internet or your network to access. Unfortunately, most modern Linux operating systems do not come with an easy way to block these ports.

Installing the GUFW firewall on Linux

The GUFW firewall is the easiest way to manipulate port access on the Linux desktop. Why? It’s a simple GUI tool that allows you to control the powerful UFW firewall. However, it is not installed by default, so before we demonstrate how to use it to block specific ports, we must show you how to set it up on Linux.

To start the installation of GUFW on your Linux PC, open up a terminal window by pressing Ctrl + Alt + T or Ctrl + Shift + T on the keyboard. Then, once a terminal window is open, follow the command-line instructions outlined below that correspond with the Linux operating system you currently use.

Ubuntu

On Ubuntu Linux, the GUFW firewall application is installable using the following Apt command.

sudo apt install gufw

Debian

Are you a Debian Linux user? If so, you’ll be able to get the GUFW firewall app up and running with the following Apt-get command.

sudo apt-get install gufw

Arch Linux

Those on Arch Linux can get GUFW working with the Pacman tool, provided they have the “Community” software repository enabled.

sudo pacman -S gufw

Fedora

On Fedora Linux, you won’t be able to install GUFW by merely running the Dnf command. For whatever reason, the Fedora project does not make it easy to install the most popular GUI firewall tool. Instead, you must install the RPMSphere repository on your system with the following commands.

wget https://github.com/rpmsphere/noarch/blob/master/r/rpmsphere-release-32-1.noarch.rpm?raw=true -O rpmsphere-release-32-1.noarch.rpm
sudo dnf install rpmsphere-release-32-1.noarch.rpm

Once Fedora Linux has the RPMSphere third-party software repository set up, GUFW can be installed with Dnf.

sudo dnf install gufw

OpenSUSE

It is possible to install GUFW, but only on Tumbleweed. To get it working, do the following.

Note: if you use OpenSUSE LEAP and need to block a port, consider switching to one of the other Linux operating systems on this list. Alternatively, upgrade to OpenSUSE Tumbleweed.

sudo zypper addrepo https://ftp.lysator.liu.se/pub/opensuse/repositories/security/openSUSE_Tumbleweed/ security-x86_64

sudo zypper install gufw

Blocking ports with GUFW

Blocking a port with GUFW is very straightforward. To start the process of blocking a port with it, open up the app on your Linux desktop by searching for it in the app menu. Then, from there, follow the step-by-step instructions below.

Step 1: Enter your user account’s password in the authentication pop-up that appears when you run GUFW. You need to enter your user’s password, as GUFW cannot operate without elevated system privileges.

Step 2: Locate the “Status” slider in GUFW. By default, this slider is set to the off position, meaning the firewall is disabled. Click it to the on position, so that the GUFW firewall is up and running.

Step 3: Find the “Profile” drop-down menu. By default, the GUFW Firewall profile is set to “Home.” If you are setting up GUFW to block ports at your house, select “Home.” Otherwise, select “Office” or “Public.”

Step 4: Locate the “Rules” menu button. Can’t find “Rules?” It’s directly next to the “Home” icon underneath the “Outgoing” menu in the GUFW main UI.

Once inside of “Rules,” find the plus sign icon and click on it with the mouse to make a new rule in GUFW.

Step 5: Upon clicking on the plus sign icon, you will see a pop-up window. This pop-up window has three tabs. The “Preconfigured” tab allows users to select specific programs and video games to block in the firewall. The “Simple” tab allows users to create simple rules, and the “Advanced” tab allows for creating advanced ones. Select” Simple” with the mouse.

Step 6: In the “Simple” area, find the “Name” text-box, and write out a brief description of the new rule you’re about to create. The “Name” area is essential. Otherwise, you may forget what rules you made for GUFW in the future!

Step 7: Locate the “Policy” drop-down menu and change it from “Allow” to “Reject.” Setting it to “Reject” will block all attempts to use this port. Alternatively, set it to “Deny” to deny connections to it, or “Limit” to limit access to it.

Step 8: Find “Direction” and set it to “In.” Setting it to “In” will prevent users from connecting to this port. If you’d like to block the port in both directions, select “Both.”

Step 9: Find the “Port” text, box and write the port number in the text box in which you’d like to block access to on your Linux PC. Then, click “Add” to add the new rule to GUFW.

Upon clicking “Add” GUFW, will instantly enforce your new port blocking rule. Be sure to repeat these steps to deny access to multiple ports on your Linux PC!