How to Check, Open, or Block a Port on Your Server?

How the Whole “Port” Thing Works

Think of the Internet as one huge hotel.
Your server sits in a single room.
Every room has many doors along the hallway.
Each door has a number.
That number is a port.
When you visit a web page your browser knocks on door 80 or door 443.
When you log in with Secure Shell you knock on door 22.
Some doors must stay open.
Some stay shut.
A few need a guard who decides who can pass.

Why You Should Bother

Crooks love open doors.
If they find one with no guard they walk in and mess up the place.
They look first at popular door numbers because those pay off fastest.
Keeping the right doors open and the wrong ones closed stops most break‑ins before they start.

Step 1 - Check Which Doors Are Open

On Windows

1. Tap the Start key.
2. Type cmd, press Enter.
3. In the black box type:

netstat ‑an | find ":"

You see a list of doors and their state: LISTENING (open) or CLOSE_WAIT (shut but not fully locked).

On Linux or macOS

1. Open Terminal.
2. Type:

sudo lsof -i -P -n

OR

ss -tulpn

The tool shows which program listens at each door.

Write the open numbers down.
Decide if each one still serves a real job.

Step 2 - Open a Door on Purpose

Sometimes an app needs a new doorway.

Windows Firewall

1. Hit Start, type Windows Defender Firewall.
2. Choose Advanced settings.
3. Pick Inbound Rules → New Rule.
4. Choose Port, type the number, pick TCP or UDP, press Allow.
5. Give the rule a name you will remember.

Linux with UFW (easy mode)

sudo ufw allow 25565
sudo ufw reload

Linux with firewalld (Red Hat style)

sudo firewall-cmd --add-port=25565/tcp --permanent
sudo firewall-cmd --reload

macOS

1. Open System Settings → Network → Firewall → Options.
2. Click Add and select the app that listens on that door.

Test from another computer with

telnet your‑server‑ip port‑number

If the prompt appears the door now works.

Step 3 - Shut or Block a Door If Needed

Close any number that no longer serves a task.

Windows

1. Go back to Inbound Rules.
2. Right‑click the rule.
3. Pick Disable or Delete.

UFW

sudo ufw deny 23
sudo ufw reload

firewalld

sudo firewall-cmd --remove-port=23/tcp --permanent
sudo firewall-cmd --reload

macOS

Delete the app from the firewall list.

Confirm with the same netstat, lsof, or ss check as we checked earlier.
The door should disappear from the open list.

Ports That Cause the Most Headaches

The list below comes from security write‑ups and search trends over the past year.

Door No.	Main Use	Common Problem	Quick Fix
22	Remote login	Bots try random passwords	Disable root login, use keys only
23	Old remote login (Telnet)	Sends data in clear text	Switch to 22 or shut it
20‑21	File moves (FTP)	Easy target for brute force	Use SFTP instead
25	Mail sending	Spam relays	Require auth or move to 587
53	Name look‑ups	Reflection attacks	Rate‑limit queries
80	Plain web	Injection and DDoS	Force traffic to 443
443	Secure web	Still hit by floods	Keep your TLS patched
137‑139, 445	File sharing in Windows	Worm spread and ransomware	Block from the Internet
3306	MySQL database	Data leaks	Bind to localhost or VPN only
3389	Remote Desktop	Weak passwords, ransomware	Restrict by IP or use a tunnel
8080, 8443	Proxy and alt web	Often forgotten test sites	Audit and patch
25565	Minecraft servers	DDoS and griefers	Use rate limits or whitelist
27017	MongoDB	Open data stores found by crawlers	Add auth and firewall rules
6379	Redis	Unauth write leads to shell	Bind local, set a passphrase

Keep a running note of which of these you expose.
Lock any you do not need today.

Extra Tips That Save Time

• Update often The app that listens on a door matters more than the number itself.
• Log first, block second Logging shows if you break something after a change.
• Use small steps Change one rule, test, then move on.
• Backups help If a fix goes wrong you can roll back fast.
• Automate checks Scripts that look at open doors each night catch surprises before attackers do.

Small habits keep the hallway tidy.
Your server stays calm, and you sleep better.