Game servers need specific network ports open so players can connect. This guide covers both Ubuntu/Debian's ufw firewall and RHEL's firewalld, plus your hosting provider's network settings.
Step 1: Check Your Server's Current Firewall Status
On Ubuntu/Debian, check if UFW is active:
sudo ufw status
On RHEL/CentOS:
sudo firewall-cmd --state
If either shows "inactive," you can skip the firewall config step, but your hosting provider's security group still needs the ports open (see Step 3).
Step 2A: Open Ports on Ubuntu/Debian (UFW)
Common game server ports:
- Minecraft: 25565 (TCP)
- CS:GO/CS2: 27015 (UDP)
- RUST: 28015 (UDP)
- Valheim: 2456–2458 (UDP)
- ARK: 27015 (UDP)
Replace PORT and PROTOCOL with your game's values. For a single port, run:
sudo ufw allow PORT/PROTOCOL
Example for Minecraft:
sudo ufw allow 25565/tcp
Example for CS:GO:
sudo ufw allow 27015/udp
For a port range (e.g., Valheim's 2456–2458):
sudo ufw allow 2456:2458/udp
Verify the port was added:
sudo ufw status numbered
Step 2B: Open Ports on RHEL/CentOS (firewalld)
On RHEL, use firewall-cmd. For a single port:
sudo firewall-cmd --permanent --add-port=PORT/PROTOCOL
sudo firewall-cmd --reload
Example for Minecraft:
sudo firewall-cmd --permanent --add-port=25565/tcp
sudo firewall-cmd --reload
Example for CS:GO:
sudo firewall-cmd --permanent --add-port=27015/udp
sudo firewall-cmd --reload
For a port range:
sudo firewall-cmd --permanent --add-port=2456-2458/udp
sudo firewall-cmd --reload
Verify the ports were added:
sudo firewall-cmd --list-all
Step 3: Open Ports in Your Hosting Provider's Firewall (Security Group)
Most VPS providers (DigitalOcean, AWS, Linode, Azure, etc.) also have a network-level firewall called a "Security Group" or "Firewall Rules."
Log into your hosting provider's control panel and:
1. Find your server's security group or firewall rules.
2. Add an Inbound Rule for each port your game server uses.
3. Set:
- Port: The port number (or range, e.g., 2456–2458)
- Protocol: TCP or UDP (match your game's requirement)
- Source: 0.0.0.0/0 (allow any IP) or a specific CIDR range if you want to restrict access
4. Save the rule.
Example in AWS EC2 Security Group:
- Type: Custom UDP
- Port Range: 27015
- Source: 0.0.0.0/0 (or ::/0 for IPv6)
Example in DigitalOcean Firewall:
- Protocol: UDP
- Ports: 27015
- Sources: All IPv4 (0.0.0.0/0)
Step 4: Test the Port is Open
Once configured, verify the port is reachable from the internet. On any machine (including your local PC), run:
nc -zv your-server-ip PORT
For UDP (replace PORT with your server's port):
nc -zvu your-server-ip PORT
Example:
nc -zv 203.0.113.45 25565
If open, you'll see succeeded or similar; if blocked, you'll get a timeout.
Alternatively, use telnet for TCP:
telnet your-server-ip PORT
Port Configuration Reference
Here are common defaults—always check your game's documentation:
| Game | Port | Protocol |
|------|------|----------|
| Minecraft | 25565 | TCP |
| CS:GO/CS2 | 27015 | UDP |
| RUST | 28015 | UDP |
| Valheim | 2456–2458 | UDP |
| ARK: Survival Evolved | 27015, 27016 | UDP |
| Team Fortress 2 | 27015 | UDP |
| Left 4 Dead 2 | 27015 | UDP |
| Palworld | 8211 | UDP |
Troubleshooting
Port test fails but firewall reports it's open? Check your hosting provider's security group—the provider's firewall takes priority.
Players can't connect even though the port is open? Ensure your game server process is actually running and bound to the correct port. Check with:
sudo netstat -tulpn | grep LISTEN
Look for your game server's process and confirm it's listening on the expected port.
Need to close a port? On UFW:
sudo ufw delete allow PORT/PROTOCOL
On firewalld:
sudo firewall-cmd --permanent --remove-port=PORT/PROTOCOL
sudo firewall-cmd --reload