How To Reset Linux Firewall Automatically While Testing Configuration With Remote Server Over SSH Session

Posted by Vivek Gite [Last updated: July 6, 2008]

Q. I'd like to tell my Linux iptables firewall to flush out the current configuration every 5 minutes. This will help when I'm testing new rules and configuration options. Sometimes I find myself locked out of my own remote server. How do I reset the Linux firewall automatically without issuing a hard reboot?

A. You can flush the current configuration with the iptables command wrapped in a small shell script. iptables has no built-in option to do this on a timer, so you write the script yourself and call it from a cron job. Note that the reset below does not restore a known-good ruleset; it removes every rule and sets all default policies to ACCEPT, so the box is wide open until you load your next ruleset.

Create a firewall reset shell script

Create a /root/reset.fw script:

#!/bin/bash
# reset.fw - Reset firewall
# set x to 0 - No reset (leave the current rules alone)
# set x to 1 - Reset firewall (flush everything, accept all traffic)
x=0

# set to true if it is CentOS / RHEL / Fedora box
RHEL=false

### no need to edit below  ###
IPT=/sbin/iptables

if [ "$x" = "1" ]; then
	if [ "$RHEL" = "true" ]; then
		# reset firewall using the Red Hat init script
		# (flushes all tables and sets the default policies to ACCEPT)
		/etc/init.d/iptables stop
	else
		# for all other Linux distros: flush the rules (-F) and delete
		# user-defined chains (-X) in every table, including raw
		$IPT -F
		$IPT -X
		$IPT -t nat -F
		$IPT -t nat -X
		$IPT -t mangle -F
		$IPT -t mangle -X
		$IPT -t raw -F
		$IPT -t raw -X
		# open the built-in filter chains so SSH can get back in
		$IPT -P INPUT ACCEPT
		$IPT -P OUTPUT ACCEPT
		$IPT -P FORWARD ACCEPT
	fi
fi

Set permissions:
# chmod +x /root/reset.fw
Create a cron job to run the script every 5 minutes. Either edit root's personal crontab:
# crontab -e
and append the following (a per-user crontab has no user field):
*/5 * * * * /root/reset.fw >/dev/null 2>&1
OR edit the system crontab:
# vi /etc/crontab
and append the following (the system crontab takes a user field before the command):
*/5 * * * * root /root/reset.fw >/dev/null 2>&1
Do not mix the two formats: a `root` field in a per-user crontab is run as the command, so the job fails silently and the safety net never fires.
Set x to 1 in /root/reset.fw before you start testing. Please remember to set x back to 0 (or remove the cron job) once a working configuration has been created for your Linux system; while x is 1 the job opens the firewall completely every 5 minutes, so only leave it enabled for the duration of the test window.
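The script above hard-codes the three filter chains and the list of tables. The following script is an added example, written for this page and not part of the original FAQ or of nixCraft; it generalizes the same reset: it walks every table (filter, nat, mangle and raw), flushes rules, deletes user chains, zeroes counters, and asks iptables itself (`iptables -t TABLE -S`, which lists each built-in chain as `-P CHAIN POLICY`) which built-in chains exist before setting their policy to ACCEPT, so it does not depend on the chain list of a particular kernel. The path /sbin/iptables, the TABLES list, the `--reset` flag and the ability to override IPT with a stub for testing are assumptions of this example.

```bash
#!/bin/bash
# reset_fw.sh - flush every iptables table and open all built-in chains.
# Added example for this FAQ (not the original reset.fw). Assumes an
# iptables binary at $IPT; set IPT to a stub function to test the logic
# without touching a live firewall. Like reset.fw, a successful run leaves
# the host accepting ALL traffic, so run it only during a test window.
set -u

IPT=${IPT:-/sbin/iptables}
# Tables to reset (assumed list; the original script skipped raw).
TABLES=${TABLES:-"filter nat mangle raw"}

# Print the built-in chains of a table by parsing "iptables -t TABLE -S":
# built-in chains appear as "-P CHAIN POLICY", user chains as "-N CHAIN",
# rules as "-A ...". Only the -P lines are kept.
builtin_chains() {
    "$IPT" -t "$1" -S 2>/dev/null | awk '$1 == "-P" { print $2 }'
}

# Flush rules (-F), delete user-defined chains (-X, safe once flushed),
# zero counters (-Z), then set every built-in chain policy to ACCEPT.
reset_table() {
    local t=$1 chain
    "$IPT" -t "$t" -F || return 1
    "$IPT" -t "$t" -X || return 1
    "$IPT" -t "$t" -Z || return 1
    for chain in $(builtin_chains "$t"); do
        "$IPT" -t "$t" -P "$chain" ACCEPT || return 1
    done
}

# Reset all tables; keep going if one table fails (e.g. module not
# loaded) and report failure at the end.
reset_all_tables() {
    local t rc=0
    for t in $TABLES; do
        reset_table "$t" || rc=1
    done
    return $rc
}

# Only act when explicitly asked; with no argument the script just defines
# its functions, so it can be sourced or tested.
if [ "${1:-}" = "--reset" ]; then
    reset_all_tables
fi
```

Run it from the cron job as `/root/reset_fw.sh --reset` in place of reset.fw. Because the chain list is discovered at run time, the same script works whether or not the nat table has an INPUT chain on your kernel.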



Discussion on This FAQ

  1. Kevin Green Says:

    Nice script, but you forgot the raw table.
    Also, I think it would be a good idea to reset the counters and delete any existing empty chains,
    so:

    iptables -F
    iptables -X
    iptables -Z
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t mangle -Z
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -Z
    iptables -t raw -F
    iptables -t raw -X
    iptables -t raw -Z

    cheers


Copyright © 2006-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.