Premise: first of all, you should know that the port does not exist independently, it is attached to the process. When a process is started, its corresponding port is opened, and when the process is closed, the port is closed. The next time the process is opened again, the corresponding port will be opened again. You can disable the port instead of simply closing it.

1. You can see which ports "netstat -anp" has opened.

(Note: adding the parameter' -n' will turn the application into port display, that is, address in digital format, such as NFS->; 2049，FTP-& gt； 2 1, so you can open two terminals, one corresponding to the port number of the program)

2. Then, you can check the programs that use this port through "lsof-i: $ port" ($ port refers to the corresponding port number). Or you can view the file /etc/services, from which you can find the service corresponding to the port.

(Note: some ports netstat cannot be found, and the more reliable method is "sudonmap-st-ololocalhost").

3. To close the port, you can:

1) Disable the port through the iptables tool, for example:

" sudo iptables-A INPUT-p TCP-dport $ PORT-j DROP "

" sudo iptables-A OUTPUT-p TCP-dport $ PORT-j DROP "

2) or close the corresponding application, the port will be closed naturally, such as:

"kill-9 PID" (PID: process number)

For example, through "netstat-ANP | grepsh"

The display is: tcp0127.0.0.1:21210.0.0: * listen7546/ssh.

Then: "kill -9 7546"

Very basic linux knowledge, according to the "linux should learn like this" system to learn!