How to regain SSH access after beeing locked out by iptables?
TL:DR
I made changes to my iptables config and now SSH is refusing all connections. Can I fix this without contacting my hosting company?
Long Version
Ok, this is most likely 100% my own fault...
In preparation of moving a website to a dedicated server, we got a new hosted machine running CentOS 5.6. The machine has iptables pretty locked down, only allowing ssh(22) and http(80) but we also needed it to accept FTP over port 20 en 21.
This afternoon I added to lines to my iptables in order to accept incoming connection to ports 20 and 21. At first that didn't work because there was a reject all
line above the lines I added for ftp. So I moved that line down to the bottom, saved and restarted iptables and ftp was working.
2 hours later, when I try to connect again, port 22: Connection refused
Same for http.
So I can't get to the server through SSH, is there any way I can fix this without contacting my hosting company?
Unfortunately, no. Not unless you have some other management interface available like a remote serial console, iDRAC, iLO, etc. Chalk it up to experience and remember to test settings before you log out next time ;)
Assuming you can still ftp to the server, and you can log in as root via ftp (unlikely and ordinarily ill-advised) into a non-chrooted (etc) environment:
Put a file in /etc/cron.d with these contents:
* * * * * root /sbin/service iptables stop