Score:1

Not able to reach host after giving iptables -F


Was trying to clear the firewall settings in my RedHat Linux server.

After giving iptables -F, I am not able to reach the server.

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:diamondport
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:33336
ACCEPT     sctp --  anywhere             anywhere             sctp dpts:1024:65535
ACCEPT     udp  --  anywhere             anywhere             udp dpt:gtp-user
ACCEPT     udp  --  anywhere             anywhere             udp dpts:6000:lm-x

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
# iptables -F

Please help me to resolve this.

Score:2

When you run iptables -F, you are deleting every rule in every chain. However, each chain has a policy you are not deleting, which in your case is DROP for the INPUT chain. Therefore, you are deleting all rules and applying a DROP policy for any traffic not matching a rule, which means everything gets dropped.

You can confirm this by running: iptables -L -n. You should see something like this:

Chain INPUT (policy DROP)
target     prot opt source               destination
[it's empty]

This is normal behavior. You could change the default policy, but it would lead to a completely different behavior in terms of security: traffic would be always accepted if there's no matching rule, which is probably not what you want.

The best thing is to avoid flushing, and to save iptables policies as you modify them to make them persistent, using iptables-save. This way, you can save the previous configuration and restore it (iptables-restore < rules.bak) or modify it as needed.
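The point made in this answer (a flush removes rules but keeps the chain policy) suggests a safer procedure than a bare iptables -F. The script below is an added example written for this page, not code from the question or the answer: it backs up the current ruleset with iptables-save, switches the built-in chain policies to ACCEPT before flushing so the DROP policy on INPUT cannot cut off your session, and offers a restore step. The variable names IPT and BACKUP and the function names are assumptions for this script; set IPT=echo to dry-run it and print the commands instead of changing anything.

```shell
#!/bin/sh
# Added example: flush iptables without locking yourself out of the host.
# IPT names the command to run (set IPT=echo for a dry run), BACKUP is
# where iptables-save writes the current rules. Both are this script's
# own names, not anything from the original post.
IPT="${IPT:-iptables}"
BACKUP="${BACKUP:-/root/iptables-$(date +%Y%m%d%H%M%S).rules}"

# Read "iptables -S"-style rules on stdin and print the policy of one
# built-in chain, e.g. "-P INPUT DROP" -> DROP. This is the value that
# survives a flush and decides what happens to unmatched traffic.
chain_policy() {
    chain="$1"
    awk -v c="$chain" '$1 == "-P" && $2 == c { print $3; exit }'
}

# Return 0 when the given rules would still accept unmatched traffic on
# INPUT after a flush, 1 when a flush would drop everything (the failure
# mode described in the question).
flush_is_safe() {
    [ "$(chain_policy INPUT)" != "DROP" ]
}

# Save the complete ruleset so it can be put back with iptables-restore.
backup_rules() {
    if [ "$IPT" = "iptables" ]; then
        iptables-save > "$BACKUP"
    else
        echo "iptables-save > $BACKUP"
    fi
}

# Open the built-in chain policies first, then flush all rules and delete
# user-defined chains. With the policies on ACCEPT the box stays reachable
# once the ACCEPT rules are gone.
safe_flush() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPT" -P "$chain" ACCEPT
    done
    "$IPT" -F
    "$IPT" -X
}

# Put the saved ruleset back, including its chain policies.
restore_rules() {
    if [ "$IPT" = "iptables" ]; then
        iptables-restore < "$BACKUP"
    else
        echo "iptables-restore < $BACKUP"
    fi
}

# Typical use when run as a script: back up, then flush safely.
if [ "${1:-}" = "--run" ]; then
    backup_rules
    safe_flush
fi
```

Run it as root with ./flush.sh --run to back up and flush; run IPT=echo ./flush.sh --run first to see the exact commands it would issue. Note that a policy of ACCEPT on all chains means the host accepts every connection until you restore or reload rules, so the backup file is what brings the intended filtering back.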

Score:0

After console reboot able to access the host machine. Thanks
