Ubuntu: Stat / Stop / Restart Iptables Firewall Service

I am a new Ubuntu Linux version 12.04 LTS user. How do I stop or start iptables based firewall service on Ubuntu Linux using bash command line options?

You can type the following commands start / stop firewall service on Ubuntu based server or desktop.
Tutorial details
Difficulty level Intermediate
Root privileges Yes
Requirements ufw/iptables
Est. reading time 5m
a] ufw command – This command is used for managing a Linux firewall and aims to provide an easy to use interface for the user.

b] iptables command – This command is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel.

Find status of firewall

Login as root user either by opening the Terminal or login over the ssh based session. Type the following command:
$ sudo ufw status
Sample outputs:

Status: inactive

Ubuntu stop iptables service command

Type the following command to unloads firewall and disables firewall on boot:
$ sudo ufw disable

Ubuntu start iptables service command

Type the following command to reloads firewall and enables firewall on boot:
$ sudo ufw enable

Ubuntu reload / restart iptables service command

Type the following command to reloads firewall:
$ sudo ufw reload

Alternative method to enable/disable firewall on Ubuntu and other Linux distros

If you are not using ufw command and/or ufw is not installed, try the following generic methods:

Get IPv4 iptables status

$ sudo iptables -L -n -v

Get IPv6 ip6tables status

$ sudo ip6tables -L -n -v

Save IPv4 iptables firewall

Use the iptables-save command to save current firewall rules:
$ sudo iptables-save > $HOME/firewall.txt

Save IPv6 ip6tables firewall

$ sudo ip6tables-save > $HOME/firewall-6.txt

Restore IPv4 iptables firewall

Use the iptables-restore command to restore firewall rules:
$ sudo iptables-restore

Restore IPv6 ip6tables firewall

$ sudo ip6tables-restore

Putting it all together

To stop Ipv4 based iptables firewall, enter:

sudo iptables-save > $HOME/firewall.txt
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

To stop Ipv6 based iptables firewall, enter:

sudo ip6tables-save > $HOME/firewall-6.txt
sudo ip6tables -X
sudo ip6tables -t mangle -F
sudo ip6tables -t mangle -X
sudo ip6tables -P INPUT ACCEPT
sudo ip6tables -P FORWARD ACCEPT
sudo ip6tables -P OUTPUT ACCEPT


  1. -F : Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one.
  2. -X : Delete the optional user-defined chain specified. There must be no references to the chain. If there are, you must delete or replace the referring rules before the chain can be deleted.
  3. -P chainNameHere ACCEPT : Set the policy for the chain to the given target.
  4. -L : List rules.
  5. -v : Verbose output.
  6. -n : Numeric output. IP addresses and port numbers will be printed in numeric format.
Recommend readings

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 5 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
5 comments… add one
  • Daniel Nov 12, 2013 @ 10:28

    There is a typo > in the ipv4 tables restore command example.

  • BroknDodge Nov 12, 2013 @ 15:58

    FLUSH is dangerous, it does delete all the rules but it does not change the default policy for each chain. That’s fine on a stock iptables config as the default policy is to ACCEPT. But, as is usually the case, what if the default policy for each chain has been changed to DROP and you FLUSH the tables while connected over SSH. OOPS!!!

    Don’t forget to specifically ACCEPT existing SSH sessions after flushing the rules or you will need a crashcart to get back into your remote server. I always use a script (a list of commands saved in a text file) to send commands to iptables. The following 2 commands are always the first 2 and last 2 in my script file. That will insure that my SSH connection doesn’t get killed.

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport ssh -j ACCEPT

    The above 2 commands do 2 things, allow existing established connections to remain (your ssh session) and allow new ssh sessions (in case you get disconnected). The safest way to work with iptables is thru the use of script files rather than sending commands directly to the firewall. That way you can ensure the above two commands are always executed after a FLUSH.

    Although, after one too many (1 time is enough for me) 2am mad dashes across town to hook up a crash cart to one of my servers and open port 22, I will never FLUSH iptables… ever!

  • Andrew Apr 1, 2014 @ 15:15

    There’s another typo that’s caused me some difficulty –
    sudo ip6tables-save > $HOME/firewall.txt
    should be
    sudo ip6tables-save > $HOME/firewall-6.txt

    Anyone know where I can restore default settings for this, as I’ve lost iptables from the line above.

  • jerry Apr 15, 2015 @ 13:42

    $ sudo iptables-restore > $HOME/firewall.txt

    wrong > should be <

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum