How do I temporarily (or permanently) flush / wipe my iptables?

Linode Staff

I am having connection issues with my server, and I want to know if it is related to my service or my firewall. I would like to flush my iptables to either audit my rules or start from scratch. How can I go about this?

4 Replies

First you'll want to back up your iptables rules in case you want to reload them or edit them later. You can do so with the following commands:

sudo sh -c 'iptables-save > /root/firewall.rules'
sudo sh -c 'ip6tables-save > /root/firewall6.rules'

Then you can flush your firewall rules with the following commands:

sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

Then you can check to see if you're still having an issue.

For reference, if you need to restore the rules that we saved, you can do so with the following commands:

sudo sh -c 'iptables-restore < /root/firewall.rules'
sudo sh -c 'ip6tables-restore < /root/firewall6.rules'
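The backup-then-flush procedure above can be checked against the saved dump before anything is run. The script below is an added example, not part of the original reply: it reads an iptables-save file, lists chains whose policy is DROP (the ones that would cut off an SSH session if rules were flushed while that policy is still in place), and prints a flush plan that sets policies to ACCEPT first and covers every table in the dump, which goes beyond the three tables named in the reply. The function names, the LOGDROP chain and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive a flush plan from an iptables-save dump.
# Nothing is executed; the commands are only printed for review.

# Constructed sample dump (not from a real host); LOGDROP is a made-up user chain.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
COMMIT
EOF
}

# drop_chains FILE: list table/chain pairs whose default policy is DROP.
drop_chains() {
    awk '/^\*/ { t = substr($0, 2) }
         /^:/ && $2 == "DROP" { print t "/" substr($1, 2) }' "$1"
}

# flush_plan BIN FILE: BIN is iptables or ip6tables, FILE is a saved dump.
# Policy changes are printed first, then -F/-X for each table in the dump.
flush_plan() {
    awk -v bin="$1" '
        /^\*/ { table = substr($0, 2); tables[++n] = table; next }
        # Built-in chains carry a policy; user-defined chains show "-".
        /^:/  { if ($2 != "-") print bin, "-t", table, "-P", substr($1, 2), "ACCEPT" }
        END   { for (i = 1; i <= n; i++) {
                    print bin, "-t", tables[i], "-F"
                    print bin, "-t", tables[i], "-X" } }
    ' "$2"
}

dump=$(mktemp)
sample_dump > "$dump"
echo "Chains with a DROP policy:"; drop_chains "$dump"
echo "Flush plan:"; flush_plan iptables "$dump"
rm -f "$dump"
```

Run it against /root/firewall.rules with iptables and against /root/firewall6.rules with ip6tables to review both plans.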

If you are using UFW, you may reset your UFW rules using the following command:

sudo ufw reset

UFW will automatically back up your existing rules, but in case you would prefer to do so yourself, you may back up your existing rule set by copying the following files to a secure, off-site location:

/etc/ufw/user.rules
/etc/ufw/user6.rules

Once you reset your UFW rules, UFW will disable itself. Before re-enabling UFW, I strongly advise allowing SSH connections:

sudo ufw allow ssh

If you are using a non-standard SSH port, you should specify so manually like this:

sudo ufw allow 23819/tcp

Be sure to replace 23819 with the actual TCP port number your SSH connection is using.

Once you re-allow your SSH connection through UFW, you should be able to safely re-enable UFW without locking yourself out of your Linode:

sudo ufw enable

You should now be enjoying a clean slate of UFW firewall rules which you may customize as you so please. For more information on UFW, you may consult this article from our Documentation:

How to Configure a Firewall with UFW

If you end up locking yourself out of your Linode, you may perform administrative tasks such as these from your Linode's Lish console using the information from this article:

Using the Linode Shell (Lish)

I wanted to add a quick note to this for IPv6. When flushing the firewall, you should re-run the set of commands using ip6tables to flush the IPv6 firewall, as well:

sudo ip6tables-save > ip6tables.bak

sudo ip6tables -P INPUT ACCEPT
sudo ip6tables -P FORWARD ACCEPT
sudo ip6tables -P OUTPUT ACCEPT
sudo ip6tables -F
sudo ip6tables -X
sudo ip6tables -t nat -F
sudo ip6tables -t nat -X
sudo ip6tables -t mangle -F
sudo ip6tables -t mangle -X

I flushed the iptables, reset the ufw, and still the only open ports are 3:

There is another firewall that I don't know about that is blocking things.

Starting Nmap 7.60 ( https://nmap.org ) at 2022-01-13 23:14 -05
Nmap scan report for mail.agencia.click (192.53.164.233)
Host is up (0.0000070s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https

I even activated the cloud firewall that opens ports 21 and 25, but it has been ignoring this.

How could I disable that firewall? Or all firewalls?
