iptables -F lock me out

After i type

iptables -F

server goes down. Can’t connect to web or ssh, seems all connection is locked by iptables.

SOLUTION

This is because the chain policy for the firewall input chain was set to DROP

check with “iptables –list” you will see “Chain INPUT (policy DROP)”.

[root@server52 ~]# iptables -L |grep Chain
Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy DROP)
Chain GALLOW (2 references)
Chain INVALID (2 references)
Chain INVDROP (10 references)
Chain LOGDROPIN (1 references)
Chain LOGDROPOUT (1 references)
[root@server52 ~]# 

If this is the case, before you run a flush, ensure you set the input chain policy to ACCEPT by running.

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
service iptables save

Then you will be able to run iptables -F without any problem.

When you try modifying firewall rules, better set a cronjob with following commands that run every 5 or 10 minutes, so if you get locked out, you will be able to get access again after the cronjob runs.

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F

See iptables

Need help with Linux Server or WordPress? We can help!

Leave a Reply

Your email address will not be published. Required fields are marked *