iptables -F locks me out

From WebHostingNeeds.com

After I type

iptables -F

the server goes down. I can't connect to the web server or SSH; it looks like every connection is being blocked by iptables.

SOLUTION

The default policy of the firewall's INPUT chain is set to DROP. The flush removes the rules that ACCEPT your traffic, so every incoming packet then falls through to the DROP policy and nothing can reach the server.

Check with iptables --list; you will probably see:

Chain INPUT (policy DROP)

[[email protected] ~]# iptables -L |grep Chain
Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy DROP)
Chain GALLOW (2 references)
Chain INVALID (2 references)
Chain INVDROP (10 references)
Chain LOGDROPIN (1 references)
Chain LOGDROPOUT (1 references)
[[email protected] ~]# 


If this is the case, set the chain policies to ACCEPT before you run a flush, by running:

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
service iptables save

Then you will be able to run iptables -F without any problem.

When you are about to modify firewall rules, it is safer to first set up a cron job that runs the following commands every 5 or 10 minutes, so that if you lock yourself out you regain access as soon as the cron job runs. Remove the cron job once you are done, because it leaves the firewall with all policies set to ACCEPT and no rules.

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
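The check and the safe-flush sequence above, as an added example that is not part of the original page: the script reads `iptables -L` style output (a constructed sample modelled on the listing above, with OUTPUT changed to ACCEPT to show a mixed case), reports which built-in chains have a DROP policy, and prints the policy-then-flush command order the page recommends, plus the crontab line for the fail-safe described in the last section. It never calls iptables itself, so it can be tried without root; the unlock script path in the cron line is an assumption.

```shell
#!/bin/sh
# Added example, not from the original page: check `iptables -L` output for
# DROP policies before flushing, and emit the page's safe-flush sequence.
# Nothing here runs iptables itself; the functions only inspect text and
# print commands, so the script can be tried without root.

# Constructed sample of `iptables -L | grep Chain` output, modelled on the
# listing in the page (OUTPUT changed to ACCEPT to show a mixed case).
SAMPLE_LIST='Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)
Chain LOGDROPIN (1 references)'

# Print the names of built-in chains whose default policy is DROP.
# Reads `iptables -L` style text on stdin; user-defined chains have no
# policy line and are ignored.
drop_policy_chains() {
    sed -n 's/^Chain \([A-Z]*\) (policy DROP)$/\1/p'
}

# Return 0 (true) when no built-in chain would drop traffic after a flush,
# i.e. when `iptables -F` is safe to run as-is. Takes listing text on stdin.
flush_is_safe() {
    [ -z "$(drop_policy_chains)" ]
}

# Print the command sequence the page recommends: open every default policy
# first, then flush. Order matters: flushing while a DROP policy is in place
# is exactly what causes the lock-out.
safe_flush_commands() {
    for chain in INPUT FORWARD OUTPUT; do
        echo "iptables -P $chain ACCEPT"
    done
    echo "iptables -F"
}

# Print the crontab line for the page's fail-safe: run an unlock script
# every 10 minutes while rules are being edited. The script path is an
# assumption; put the output of safe_flush_commands in that file. Remove
# the entry again once the rules are finished, since it leaves the firewall
# wide open.
failsafe_cron_line() {
    echo "*/10 * * * * /usr/local/sbin/firewall-unlock.sh"
}

# Demo run on the constructed sample.
if echo "$SAMPLE_LIST" | flush_is_safe; then
    echo "no DROP policies, plain flush is safe"
else
    echo "DROP policy on: $(echo "$SAMPLE_LIST" | drop_policy_chains | tr '\n' ' ')"
    echo "run this instead:"
    safe_flush_commands
    echo "fail-safe crontab entry while editing:"
    failsafe_cron_line
fi
```

On a live box you would feed real output with `iptables -L | drop_policy_chains`. Note that `service iptables save` after the flush persists the empty, all-ACCEPT ruleset, so rebuild and save your real rules once you are back in.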