Reputation: 1643
I have a VM up and running on Azure. I want to open a port on that VM.
Currently I don't have access to the Azure portal, but I have access to the VM through SSH. I have all the permissions. Is it possible to open an inbound/outbound port to the outside?
Upvotes: 0
Views: 159
Reputation: 2569
Outbound traffic is permitted by default.
The answer (inbound) really depends on whether an NSG was created and attached to your VM NIC. Unless the option was toggled in the portal during creation, or it was created using an ARM template with no NSG, then it will have one, which is the default.
The NSG acts as an access control list which cannot be administered with native operating system tools unless you both (1) enabled the VM managed identity, and (2) granted permissions on the NSG for the managed identity to modify the resource. The process to do this is quite involved and probably inappropriate to write here since I don't see a valid use case for it.
To simply open up an inbound port in Linux you would use:
sudo iptables -A INPUT -p tcp --dport [PORT-HERE] -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport [PORT-HERE] -m conntrack --ctstate ESTABLISHED -j ACCEPT
If you don't have access to the portal to modify the NSG then someone else should be managing the firewall.
Upvotes: 0
Reputation: 72151
Generally speaking - no. But if your VM has a managed identity, you can call the managed identity endpoint to get the token and use REST API calls with that token to do stuff in Azure, but this has to be preconfigured, so that your managed identity has permissions to perform these operations.
Upvotes: 0