How can I open a port on a CIS Linux Hardened Image?
Product Name
CIS Hardened Images® (AWS)
CIS Hardened Images® (Azure)
CIS Hardened Images® (Google Cloud Platform)
CIS Hardened Images® (Oracle Cloud)
Product Version
Linux
Date
Jul 23, 2020
Based on CIS Benchmark Recommendations, we implement iptables / nftables, and by default only required ports are open. If you need to open another port for an application on a CIS Hardened Image, you can add a rule as in the example below.
Instructions
For systems using iptables:
Check the current iptables rules that are in place:
sudo iptables -L
Add a rule to iptables to allow, for example, an inbound TCP connection on port 8080:
sudo iptables -A INPUT -p tcp --dport 8080 -m state --state NEW -j ACCEPT
If that solves the issue, you can run the following command(s) so the rule persists after reboot.
CentOS, RedHat, Amazon Linux 2, OracleOS -
sudo service iptables save
Ubuntu and Debian -
sudo netfilter-persistent save ; sudo netfilter-persistent reload
For systems using nftables (such as Ubuntu 20.04 / 22.04 and RHEL9):
Review the currently applied nftables rules:
sudo nft list ruleset
Enable inbound port 8080 using the existing “inet filter” table:
sudo nft insert rule inet filter input tcp dport 8080 accept
The change takes effect immediately; no reload is required.
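As an added example (not from the CIS article or its images), the shell helper below wraps the iptables and nftables commands above for both backends, checks whether the port is already accepted before adding a duplicate rule, validates the port number, and prints the matching persistence command. It assumes the "inet filter" table named above on nftables systems; the nftables persistence step via /etc/nftables.conf is this example's assumption, not a step from the article.

```shell
#!/bin/sh
# Added example, not from the CIS article: an idempotent wrapper around the
# iptables/nftables commands above. Assumptions: the nftables "inet filter"
# table exists as the article states; saving to /etc/nftables.conf for
# persistence is this example's addition, not a step from the article.
# Return 0 only if $1 is an integer in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
# Return 0 if ruleset text $1 (output of `iptables -S INPUT` or `nft list ruleset`)
# already accepts TCP dport $2. Rules using a port set, e.g. `tcp dport { 22, 8080 }`,
# are not recognised by this simple check.
rule_present() {
  printf '%s\n' "$1" | grep -Eq -- "dport $2 .*(ACCEPT|accept)"
}
# Print the add-rule command for backend $1 (iptables|nftables) and TCP port $2.
add_rule_cmd() {
  case "$1" in
    iptables) printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -j ACCEPT' "$2" ;;
    nftables) printf 'nft insert rule inet filter input tcp dport %s accept' "$2" ;;
    *) return 1 ;;
  esac
}
# Print the command that keeps the rule across reboots for backend $1 and distro
# family $2: rhel (CentOS, RHEL, Amazon Linux 2, Oracle) or debian (Ubuntu, Debian).
persist_cmd() {
  case "$1:$2" in
    iptables:rhel)   printf 'service iptables save' ;;
    iptables:debian) printf 'netfilter-persistent save ; netfilter-persistent reload' ;;
    nftables:*)      printf 'nft list ruleset > /etc/nftables.conf' ;;  # assumption, see header
    *) return 1 ;;
  esac
}
# Open TCP port $1 on the running system (run as root); $2 is the distro family.
open_port() {
  valid_port "$1" || { echo "invalid port: $1" >&2; return 1; }
  if command -v nft >/dev/null 2>&1 && nft list tables 2>/dev/null | grep -q 'inet filter'; then
    backend=nftables; current=$(nft list ruleset)
  else
    backend=iptables; current=$(iptables -S INPUT)
  fi
  rule_present "$current" "$1" && { echo "port $1 already accepted by $backend"; return 0; }
  eval "$(add_rule_cmd "$backend" "$1")"
  echo "rule added; to persist it run: $(persist_cmd "$backend" "${2:-rhel}")"
}
if [ $# -gt 0 ]; then open_port "$@"; fi
```

Run it as root with the port and distro family, e.g. `sh open_port.sh 8080 debian`; re-running it for a port that is already accepted adds nothing.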
Additional Information
iptables Linux man page reference: https://linux.die.net/man/8/iptables
nftables man page reference: https://www.netfilter.org/projects/nftables/manpage.html