- By default, only port `22` (the SSH service port) is open to accept inbound traffic to the server on AWS EC2 instances.
- However, all ports (1 to 65535) are open for outbound traffic sent from the server.
- By default, the firewall settings of EC2 servers are managed by the AWS firewall (security groups), not by host tools like `firewalld` or `ufw`.
- If you need to open ports other than the default SSH port 22 to listen for incoming traffic to the server, you need to do it using the EC2 management console.
Steps
- Navigate to the EC2 management console > in the left sidebar, select the NETWORK & SECURITY menu > select Security Groups.
- Select your EC2 instance's security group > Actions drop-down menu > select Edit inbound rules.
- In the inbound rules window, you can add, modify, or delete the inbound rules of your EC2 instance. If you use already-available service protocols (like `SSH`, `HTTP`), choose them. If the port is consumed by a custom service, you can specify it too.
```
// open port 80 for all incoming traffic from any IP (0.0.0.0/0)
Type: HTTP
Protocol: TCP
Port Range: 80
Source: Custom (0.0.0.0/0)

// open port 22 for all incoming traffic from any IP (0.0.0.0/0)
Type: SSH
Protocol: TCP
Port Range: 22
Source: Custom (0.0.0.0/0)

// enable ICMP traffic from anywhere - note that ICMP (i.e. Ping) traffic doesn't use port numbers, so there is no port for ping
Type: Custom ICMP rule - IPv4
Protocol: Echo Request
Port Range: N/A
Source: Anywhere (0.0.0.0/0, ::/0)
```

- `0.0.0.0/0` - specifies IPv4 traffic from any address
- `::/0` - specifies IPv6 traffic from any address
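The same three console rules expressed as the `IpPermissions` list that boto3's `authorize_security_group_ingress` accepts, plus a small audit that flags a management port (SSH/RDP) exposed to the whole internet. This is an added example, not code from the original post; the security group id and the admin CIDR `203.0.113.0/24` are placeholders, and no AWS call is made.

```python
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
ICMP_ECHO_REQUEST = 8          # ICMP type 8 (Echo Request); ToPort -1 means any code
MANAGEMENT_PORTS = (22, 3389)  # SSH and RDP


def tcp_rule(port, v4_cidrs=(), v6_cidrs=(), description=""):
    """One TCP rule for a single port, with optional IPv4 and IPv6 sources."""
    perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    if v4_cidrs:
        perm["IpRanges"] = [{"CidrIp": c, "Description": description} for c in v4_cidrs]
    if v6_cidrs:
        perm["Ipv6Ranges"] = [{"CidrIpv6": c, "Description": description} for c in v6_cidrs]
    return perm


def icmp_echo_rule(v4_cidrs):
    """ICMPv4 Echo Request only; an IPv6 source would need IpProtocol 'icmpv6'."""
    return {"IpProtocol": "icmp", "FromPort": ICMP_ECHO_REQUEST, "ToPort": -1,
            "IpRanges": [{"CidrIp": c, "Description": "ping"} for c in v4_cidrs]}


def build_ip_permissions(ssh_source=ANY_V4):
    """The three console rules above; pass an admin CIDR to restrict SSH."""
    return [
        tcp_rule(80, [ANY_V4], [ANY_V6], "HTTP"),
        tcp_rule(22, [ssh_source], description="SSH"),
        icmp_echo_rule([ANY_V4]),
    ]


def world_open_management_ports(permissions):
    """Return (port, cidr) pairs where SSH or RDP is reachable from any address."""
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):  # "-1" is the all-traffic rule
            continue
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for port in MANAGEMENT_PORTS:
            if lo <= port <= hi:
                findings += [(port, c) for c in cidrs if c in (ANY_V4, ANY_V6)]
    return findings


if __name__ == "__main__":
    # Apply with boto3: client.authorize_security_group_ingress(GroupId="sg-PLACEHOLDER", IpPermissions=...)
    print(world_open_management_ports(build_ip_permissions()))  # [(22, '0.0.0.0/0')]
```

Running the audit on `build_ip_permissions("203.0.113.0/24")` returns an empty list, which is the shape you want before attaching the group.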
| ✅ Tested OS's | RHEL 7+, CentOS 7+, Ubuntu 18.04+, Debian 8+ |
|---|---|
| ✅ Tested Gear | Cloud (AWS EC2) |