
How to: Linux flush or remove all iptables rules

Here is a small script that does this. Debian and Ubuntu GNU/Linux do not come with any SYS V init script (located in the /etc/init.d directory) for this purpose. Create a script as follows and use it to stop or flush the iptables rules. Please don’t type the rules one by one at the command prompt. Use the script to speed up work.

Warning: All the commands must be executed with root privileges.

Procedure for Debian / Ubuntu Linux (Generic method)

First, create the /root/fw.stop script using a text editor such as vi:

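#!/bin/sh
echo "Stopping firewall and allowing everyone..."
ipt="/sbin/iptables"
## Failsafe - die if /sbin/iptables not found
[ ! -x "$ipt" ] && { echo "$0: \"${ipt}\" command not found."; exit 1; }
$ipt -P INPUT ACCEPT    # default policies go to ACCEPT first,
$ipt -P FORWARD ACCEPT  # so flushing the rules cannot leave
$ipt -P OUTPUT ACCEPT   # a DROP policy with nothing allowed
$ipt -F                 # flush all rules in the filter table
$ipt -X                 # delete user-defined chains in the filter table
$ipt -t nat -F
$ipt -t nat -X
$ipt -t mangle -F
$ipt -t mangle -X
$ipt -t raw -F
$ipt -t raw -X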

Make sure you can execute the script:
# chmod +x /root/fw.stop

Run the script as root user:
# /root/fw.stop

How do I verify that my firewall rules are flushed out?

Type the following command:
# iptables -L -n -v
Sample outputs:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
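
iptables -L -n -v lists only the filter table. The check below is an added example, not part of the original article: it reads iptables-save output and reports anything a flush left behind in any table (a non-ACCEPT policy, a leftover user chain, a leftover rule). The function name fw_flush_audit and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an iptables-save dump on
# stdin and list whatever fw.stop should have cleared. Exit status 0 = flushed.
fw_flush_audit() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*filter" opens a table
        /^:/  {                                     # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 == "-")                          # user chain not removed by -X
                printf "%s: user chain %s still exists\n", table, chain
            else if ($2 != "ACCEPT")                # -F never resets a policy
                printf "%s: chain %s policy is %s\n", table, chain, $2
            else next
            bad++; next
        }
        /^(\[[0-9]+:[0-9]+\] )?-A / {               # rule not removed by -F
            printf "%s: rule left: %s\n", table, $0
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: a default-DROP host after a bare "iptables -F".
sample_flush_only() {
    cat <<'EOF'
*filter
:INPUT DROP [12:720]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_ALLOW - [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: the filter table after the full fw.stop script.
sample_fw_stop() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

sample_flush_only | fw_flush_audit || echo "=> not flushed"
sample_fw_stop | fw_flush_audit && echo "=> flushed"
# On a live host (as root): iptables-save | fw_flush_audit
```
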

A note for RedHat (RHEL), CentOS and friends Linux users

Please note that RedHat Enterprise Linux (RHEL), Fedora and CentOS Linux come with a pre-installed rc.d script, which can be used to stop the firewall. Enter:
# /etc/init.d/iptables stop
# service iptables stop

A note about firewalld for CentOS 7/Fedora (latest)/RedHat Enterprise Linux 7.x+ users

Type the following command to stop and flush all rules:
# systemctl stop firewalld

  • JRivera September 20, 2008, 1:06 pm

    #/etc/init.d/iptables stop

    Thank you that just saved me much time.

  • Phil Nutzmeyer September 11, 2009, 6:26 pm

    Thanks!!! It saved my time too!

  • noob December 26, 2009, 4:26 pm

    Should I run update-rc.d on the script in init.d?
    Or will the script be run automatically when the system is booted up?


  • phpmonk March 22, 2010, 11:48 am

    iptables normally starts when you start the system.
    ‘/etc/init.d/iptables status’ should show you rules of iptables running.

  • Relax June 6, 2011, 8:32 am

    iptables --flush
    iptables --delete-chain
    iptables --table nat --flush
    iptables --table filter --flush
    iptables --table nat --delete-chain
    iptables --table filter --delete-chain

  • rocksfrow October 26, 2011, 4:20 am

    In CentOS 5 I easily disable iptables after installation as root:

    #service iptables stop
    #chkconfig iptables off

    chkconfig ensures iptables doesn’t start up next boot.

  • Price October 5, 2012, 3:39 pm

    I have fired iptables -F.
    Now my VPS is not responding. I’m thrown out of the VPS and I have no access to it. Please help.

    • sholan February 6, 2014, 3:33 pm

      The problem is that those scripts are meant to be started not by a user and especially not line by line.

      The first command, iptables -F, flushes all chains of the default table, i.e. INPUT, OUTPUT and FORWARD. Using any remote connection implies you’re using both the INPUT and OUTPUT chains.

      If those chains have a DROP policy, you won’t be able to contact your server remotely anymore.

      To ensure not having a problem, I would recommend executing the iptables -P ACCEPT commands stated at the end of the script first, as it will first set your remote computer to accept connections by default.

      I know that this comment is more than a year old, but ppl could still have this issue.

      @NIXCraft, I would recommend to modify the script (you’re going permissive anyway) or, at least, warn people about this issue that is more than likely to occur.

      • Robert Fleming January 7, 2016, 8:36 pm

        Agreed. This page is currently my top Google hit for “linux firewall flush”, but as it’s written, it’ll lock the user out if executed line-by-line.

  • Nivas August 21, 2013, 11:58 am


    I’m getting the following error:

    Stopping iptables: ERROR: Module ipt_addrtype does not exist in /proc/modules

  • Keijo April 12, 2016, 12:31 am

    Line 15 of the Debian script:
    $ipt iptables -t raw -F
    throws an error:
    Bad argument `iptables’

    Deleting `iptables’ and leaving the line like this:
    $ipt -t raw -F
    does the trick.

