Not able to reach host after giving iptables -F

I was trying to clear the firewall settings on my RedHat Linux server.

After giving iptables -F, I am not able to reach the server.

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:diamondport
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:33336
ACCEPT     sctp --  anywhere             anywhere             sctp dpts:1024:65535
ACCEPT     udp  --  anywhere             anywhere             udp dpt:gtp-user
ACCEPT     udp  --  anywhere             anywhere             udp dpts:6000:lm-x

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# iptables -F

Please help me to resolve this.

When you run iptables -F, you are deleting every rule in every chain. However, each chain has a policy you are not deleting, which in your case is DROP for the INPUT chain. Therefore, you are deleting all rules and applying a DROP policy for any traffic not matching a rule, which means everything gets dropped.

You can confirm this by running: iptables -L -n. You should see something like this:

Chain INPUT (policy DROP)
target     prot opt source               destination
[it's empty]

This is normal behavior. You could change the default policy, but it would lead to a completely different behavior in terms of security: traffic would always be accepted if there's no matching rule, which is probably not what you want.

The best thing is to avoid flushing, and to save iptables policies as you modify them to make them persistent, using iptables-save. This way, you can save the previous configuration and restore it (iptables-restore < rules.bak) or modify it as needed.
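The lockout the answer describes (policy DROP left in place after every ACCEPT rule is flushed) can be checked for and avoided before touching the firewall. The script below is an added example, not code from the question, the answer or Red Hat: it parses iptables-save output (whose format is stable; the dump embedded here is constructed to resemble the question's ruleset), reports which chains would block all traffic if flushed, and performs the flush in a lock-out-safe order: back up, set the built-in filter chains to ACCEPT, then flush, with a delayed restore from the backup as a fallback. The helper names (`chain_policy`, `lockout_chains`, `run`, `safe_flush`) and the `DRY_RUN` variable are this example's own; real iptables calls only happen when run as root with `DRY_RUN` unset.

```shell
#!/bin/sh
# Added example (not from the original post). Parses iptables-save output and
# shows a flush that cannot lock you out. Helper names and DRY_RUN are this
# example's own conventions, not an iptables feature.

# Constructed iptables-save dump modelled on the ruleset in the question.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# chain_policy DUMP CHAIN: print the default policy of CHAIN
# (":INPUT DROP [0:0]" -> DROP).
chain_policy() {
    printf '%s\n' "$1" | awk -v c=":$2" '$1 == c { print $2; exit }'
}

# lockout_chains DUMP: list built-in chains whose policy is DROP or REJECT.
# Flushing these removes every ACCEPT rule while the policy keeps dropping,
# so all traffic, including the SSH session doing the flush, is blocked.
lockout_chains() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^:/ && $2 ~ /^(DROP|REJECT)$/ { sub(/^:/, "", $1); print $1 }'
}

# run CMD...: execute the command, or only print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# safe_flush [BACKUP_FILE]: save the current rules, switch the three built-in
# filter chains to ACCEPT first, and only then flush, so there is no moment
# where the policy is DROP with zero ACCEPT rules. A background restore from
# the backup fires after five minutes unless the admin kills the sleeping
# subshell after confirming that access still works.
safe_flush() {
    backup="${1:-/root/iptables.$(date +%s).bak}"
    run sh -c "iptables-save > '$backup'"
    for chain in INPUT FORWARD OUTPUT; do
        run iptables -P "$chain" ACCEPT
    done
    run iptables -F
    run sh -c "(sleep 300 && iptables-restore < '$backup') &"
    printf 'Rules flushed; backup in %s. Kill the delayed restore once access is confirmed.\n' "$backup"
}

# Report what a plain "iptables -F" would have done to the sample ruleset.
for c in $(lockout_chains "$SAMPLE_RULES"); do
    printf 'chain %s has policy %s: flushing it alone would drop all traffic\n' \
        "$c" "$(chain_policy "$SAMPLE_RULES" "$c")"
done
```

Run it with `DRY_RUN=1 sh script.sh` to see the command sequence without changing anything; on a live box, feed `lockout_chains "$(iptables-save)"` to check the real policies first. The order in `safe_flush` is the whole point: changing the policy before flushing is what the original `iptables -F` skipped.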