How can I close some specific port on Linux?

In Linux systems, blocking specific ports can be achieved through various methods, primarily by using firewall rules or directly stopping the service running on that port. Below, I will explain the specific steps and examples for both methods.

Method One: Using Firewall Rules

Using iptables

1. View existing iptables rules:

   bash
   sudo iptables -L

2. Add a rule to block incoming connections to the specific port (e.g., block port 8080):

   bash
   sudo iptables -A INPUT -p tcp --dport 8080 -j DROP

3. Save and reload iptables rules (commands may vary across different Linux distributions):

   bash
   sudo iptables-save

   Or, in some systems, you may need to use:

   bash
   sudo netfilter-persistent save
   sudo netfilter-persistent reload

Using firewalld (on systems supporting firewalld)

1. Check the current firewalld status:

   bash
   sudo firewall-cmd --state

2. Permanently block the specific port (e.g., block port 8080):

   bash
   sudo firewall-cmd --permanent --remove-port=8080/tcp

3. Reload the firewalld configuration:

   bash
   sudo firewall-cmd --reload

Method Two: Stopping the Service Running on the Port

1. First, identify which service is using the port:

   bash
   sudo lsof -i :8080

2. Stop the related service (e.g., nginx):

   bash
   sudo systemctl stop nginx

3. Disable the service from starting automatically:

   bash
   sudo systemctl disable nginx

By following these steps, you can effectively block specific ports on Linux, whether by directly managing the firewall or by managing the related services. Each method has its applicable scenarios, and choosing the right method depends on actual requirements and system environment.