After setting up the firewall, you should make sure that it really works. The best way to do this is to send a request to the selected port from a third-party device. If the request goes through, the port is open; if an error is returned or the request is terminated, the port is closed and the firewall is working correctly.
To do this, we need any computer running Unix/Linux and the NetCat utility. It is included in almost every distribution, so you don't need to install it separately. This utility allows you to check both TCP and UDP ports.
Check one port using NetCat
For example, here is a command to check access to a port:
nc -zv ip port
If you need to check the UDP port, then add the -u flag:
nc -zvu ip port
The -z flag means that no data should be sent. If you don't set it, then after entering the command you'll see whether or not the connection to the port succeeded, and you will then be prompted to enter data to send.
In this case, enter the data and press Enter to send it. This approach is rarely used, however: usually it is enough to check the availability of the port, so the -z flag is set.
The -v flag will allow you to see information about the scan result. Usage example:
Scan a range of ports using NetCat
Sometimes you need to scan a range of ports. To do this, specify the start and end ports separated by a dash.
nc -zv ip port-port
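The single-port check above, extended to a whole firewall policy, as an added example that is not part of the original page: each PORT=STATE rule is probed with nc -z from the third-party machine and compared with the state the firewall is supposed to enforce. The address 203.0.113.10, the rule syntax, the function names and the 3-second -w timeout are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: compare what nc sees from outside with the intended
# firewall policy. Host, ports and rule syntax are constructed.

# probe_tcp HOST PORT -> prints "open" or "closed"
# -z   : connect only, send no data
# -w 3 : give up after 3 seconds, so a port that silently drops
#        packets does not hang the check
probe_tcp() {
    if nc -z -w 3 "$1" "$2" >/dev/null 2>&1; then
        echo open
    else
        echo closed
    fi
}

# audit_ports HOST PORT=STATE [PORT=STATE ...]
# Prints one line per rule; the exit status is the number of ports
# whose observed state differs from the expected one (0 = policy holds).
audit_ports() {
    host=$1
    shift
    mismatches=0
    for rule in "$@"; do
        port=${rule%%=*}    # text before "="
        want=${rule#*=}     # text after "=": open or closed
        got=$(probe_tcp "$host" "$port")
        if [ "$got" = "$want" ]; then
            echo "ok    $host:$port is $got"
        else
            echo "FAIL  $host:$port is $got, expected $want"
            mismatches=$((mismatches + 1))
        fi
    done
    return "$mismatches"
}

# Run only when arguments are given, for example:
#   sh fwcheck.sh 203.0.113.10 22=open 80=open 3306=closed
if [ "$#" -ge 2 ]; then
    audit_ports "$@"
fi
```

A non-zero exit status makes the script usable in a cron job or deployment pipeline that should alert when a port is unexpectedly reachable.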
Listen on a port with NetCat
Using NetCat, you can not only check the availability of ports and send text commands to them, but also listen on ports. To start listening on your computer's port, you need to run the command with the -l flag and the port number:
nc -l ip port
If something arrives on the port, it will be printed in the terminal. Note that this command must be run as the root user.