How To Reset Linux Firewall Automatically While Testing Configuration With Remote Server Over SSH Session
Q. I'd like to tell my Linux iptables firewall to flush out the current configuration every 5 minutes. This will help when I'm testing new rules and configuration options. Sometimes I find myself locked out of my own remote server. How do I reset the Linux firewall automatically without issuing a hard reboot?
A. You can flush the current configuration with a combination of the iptables command and a small shell script. iptables has no built-in option for this, so you need to write a short shell script and call it from a crontab entry.
Create a firewall reset shell script
Create a /root/reset.fw script:
#!/bin/bash
# reset.fw - Reset firewall
# set x to 0 - No reset
# set x to 1 - Reset firewall
x=0
# set to true if it is CentOS / RHEL / Fedora box
RHEL=false
### no need to edit below ###
IPT=/sbin/iptables
if [ "$x" == "1" ]; then
    if [ "$RHEL" == "true" ]; then
        # reset firewall using redhat script
        /etc/init.d/iptables stop
    else
        # for all other Linux distro use following rules to reset firewall
        $IPT -F
        $IPT -X
        $IPT -t nat -F
        $IPT -t nat -X
        $IPT -t mangle -F
        $IPT -t mangle -X
        $IPT -P INPUT ACCEPT
        $IPT -P OUTPUT ACCEPT
        $IPT -P FORWARD ACCEPT
    fi
else
    :
fi
Set permissions:
# chmod +x /root/reset.fw
Create a cron job to reset the current configuration every 5 minutes. Enter:
# crontab -e
OR
# vi /etc/crontab
Append the following entry. Note that /etc/crontab has a user field, while a crontab edited with crontab -e (as root) does not, so the two files take different lines:
/etc/crontab:
*/5 * * * * root /root/reset.fw >/dev/null 2>&1
crontab -e (root's own crontab):
*/5 * * * * /root/reset.fw >/dev/null 2>&1
Remember to set x back to 0 once a working configuration has been created for your Linux system; otherwise the cron job keeps flushing your rules every 5 minutes.
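A variation on the reset script above, added here as an example and not part of the original FAQ: instead of an x=0/x=1 edit, it uses a marker file as the "testing mode" switch (delete the marker when you are done), restores a known-good ruleset saved beforehand with iptables-save rather than opening the firewall to ACCEPT-all, and falls back to a full flush that also covers the raw table. The marker and rules paths, and the IPT/IPT_RESTORE overrides, are assumptions of this example.

```shell
#!/bin/sh
# reset-fw.sh - restore a known-good ruleset (or flush everything) while testing.
# Before testing: iptables-save > /root/fw-good.rules; touch /root/fw-testing
# When done:      rm /root/fw-testing   (so cron stops resetting the firewall)
IPT=${IPT:-/sbin/iptables}                     # assumed paths; override via env
IPT_RESTORE=${IPT_RESTORE:-/sbin/iptables-restore}
MARKER=${MARKER:-/root/fw-testing}             # presence = testing mode on
GOOD_RULES=${GOOD_RULES:-/root/fw-good.rules}  # saved with iptables-save

# Flush rules, delete user chains and zero counters in every table
# (filter, nat, mangle and raw), then set permissive default policies.
flush_all() {
    for t in filter nat mangle raw; do
        "$IPT" -t "$t" -F && "$IPT" -t "$t" -X && "$IPT" -t "$t" -Z || return 1
    done
    for c in INPUT OUTPUT FORWARD; do
        "$IPT" -P "$c" ACCEPT || return 1
    done
}

# Prints the action taken: skip (not testing), restored, or flushed.
reset_fw() {
    if [ ! -e "$MARKER" ]; then
        echo skip
        return 0
    fi
    if [ -r "$GOOD_RULES" ]; then
        # Preferred: go back to the last known-good rules, not to an open firewall
        "$IPT_RESTORE" < "$GOOD_RULES" && echo restored
    else
        flush_all && echo flushed
    fi
}

reset_fw
```

Run it from cron every 5 minutes exactly as the FAQ's reset.fw is run; with the marker absent it does nothing.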
Discussion on This FAQ
July 6th, 2008 at 12:49 pm
nice script, but you forgot the raw table
Also, I think it would be a good idea to reset the counters and delete any existing empty chains,
so
iptables -F
iptables -X
iptables -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t raw -F
iptables -t raw -X
iptables -t raw -Z
Cheers