Not able to reach host after giving iptables -F
Was trying to clear the firewall settings in my RedHat Linux server.
After giving iptables -F, I am not able to reach the server.
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:diamondport
ACCEPT tcp -- anywhere anywhere tcp dpt:33336
ACCEPT sctp -- anywhere anywhere sctp dpts:1024:65535
ACCEPT udp -- anywhere anywhere udp dpt:gtp-user
ACCEPT udp -- anywhere anywhere udp dpts:6000:lm-x
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -F
Please help me to resolve this.
When you run iptables -F, you are deleting every rule in every chain. However, each chain has a policy you are not deleting, which in your case is DROP for the INPUT chain. Therefore, you are deleting all rules and applying a DROP policy for any traffic not matching a rule, which means everything gets dropped.
You can confirm this by running: iptables -L -n. You should see something like this:
Chain INPUT (policy DROP)
target prot opt source destination
[it's empty]
This is normal behavior. You could change the default policy, but it would lead to a completely different behavior in terms of security: traffic would be always accepted if there's no matching rule, which is probably not what you want.
The best thing is to avoid flushing, and to save iptables policies as you modify them so they are persistent, using iptables-save. This way, you can save the previous configuration and restore it (iptables-restore < rules.bak) or modify it as needed.