Comments on: How To Reset Linux Firewall Automatically While Testing Configuration With Remote Server Over SSH Session http://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/ Every answer asks a more beautiful question. Fri, 10 Feb 2012 19:55:56 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Dan Gauthierhttp://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-62805 Dan Gauthier Sun, 25 Sep 2011 18:17:39 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-62805 Additional: If you're worried about knocking off your watch window, try SCREEN. It avoids all those nasty: '>/dev/null 2>&1 </dev/null &' stuff and gives you multiple screens at the same time that can't be knocked off. There's a simple reconnect command: 'screen -r'. Additional: If you’re worried about knocking off your watch window, try SCREEN.

It avoids all those nasty: ‘>/dev/null 2>&1 </dev/null &' stuff and gives you multiple screens at the same time that can't be knocked off. There's a simple reconnect command: 'screen -r'.

]]> By: Dan Gauthierhttp://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-62804 Dan Gauthier Sun, 25 Sep 2011 18:13:03 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-62804 Instead of messing with cron, there is an EASY way to rerun recurring events -- "watch". watch is intended for things like 'watch ls -l', but it also works great for things like: 'watch -n 30 killall -USR1 dd' or 'watch -n300 /etc/rc.d/rc.firewall.orig' :) Instead of messing with cron, there is an EASY way to rerun recurring events — “watch”.

watch is intended for things like ‘watch ls -l’, but it also works great for things like:

‘watch -n 30 killall -USR1 dd’
or
‘watch -n300 /etc/rc.d/rc.firewall.orig’ :)

]]> By: parbathttp://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-47680 parbat Tue, 08 Jun 2010 04:24:46 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-47680 wow great.. script.. thanks.. wow great.. script..

thanks..

]]> By: PeGa!http://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-47370 PeGa! Mon, 17 May 2010 17:18:05 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-47370 My approach to this kind of situations (after having been through a few ones) is to add a --failsafe parameter to my firewall scripts, which would run the (new) effective firewall rules with a 'sleep 20' after applying this new rules thus after 20 seconds, if I didn't break the countdown, the new firewall rules are wiped out. My approach to this kind of situations (after having been through a few ones) is to add a –failsafe parameter to my firewall scripts, which would run the (new) effective firewall rules with a ‘sleep 20′ after applying this new rules thus after 20 seconds, if I didn’t break the countdown, the new firewall rules are wiped out.

]]> By: Mihai RATZhttp://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-46954 Mihai RATZ Tue, 20 Apr 2010 12:46:32 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-46954 Alternative to cron is port knocking. Alternative to cron is port knocking.

]]> By: Erichttp://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-45618 Eric Tue, 19 Jan 2010 04:57:48 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-45618 I would just use the "save" command to make a copy of the iptable script. Then "restore" it via a cron command to the original script. This way you don't create an undefended system when you restore. I would just use the “save” command to make a copy of the iptable script. Then “restore” it via a cron command to the original script. This way you don’t create an undefended system when you restore.

]]> By: namehttp://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-44397 name Sat, 31 Oct 2009 13:43:05 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-44397 That's what iptables-apply is for. That’s what iptables-apply is for.

]]> By: kudahttp://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-41240 kuda Fri, 17 Apr 2009 09:25:44 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-41240 .... ### no need to edit below ### IPT=/sbin/iptables IPT6=/sbin/ip6tables if [ $x = 1 ]; then ..... otherwise bash will complain - unexpected character .... have a nice day! ….
### no need to edit below ###
IPT=/sbin/iptables
IPT6=/sbin/ip6tables

if [ $x = 1 ];
then
…..

otherwise bash will complain – unexpected character ….

have a nice day!

]]> By: Kevin Greenhttp://www.cyberciti.biz/faq/linux-iptables-firewall-flushout-configuration-every-5minutes/#comment-38237 Kevin Green Sun, 06 Jul 2008 12:49:12 +0000 http://www.cyberciti.biz/faq/?p=1169#comment-38237 nice script, but you forgot the raw table also, i think it would be a good idea to reset the counters and delete any existing empty chains so iptables -F iptables -X iptables -Z iptables -t mangle -F iptables -t mangle -X iptables -t mangle -Z iptables -t nat -F iptables -t nat -X iptables -t nat -Z iptables -t raw -F iptables -t raw -X iptables -t raw -Z cheers nice script, but you forgot the raw table
also, i think it would be a good idea to reset the counters and delete any existing empty chains
so

iptables -F
iptables -X
iptables -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t raw -F
iptables -t raw -X
iptables -t raw -Z

cheers

]]>