Learn how to reset iptables to default settings. The default setting of iptables is to accept all connections of every type.
In our last post, we covered iptables basics: how iptables works, what policies are, and how to configure iptables policies.
While working with iptables, if you get confused about policies and need to start afresh, you need to reset iptables to default settings. By default, I mean setting an accept-all policy and flushing any existing configured rules.
In this article, we will walk through a set of commands to reset iptables to default settings. This also works as a way to reset the firewall on Linux distributions such as Ubuntu, CentOS, Red Hat, Debian, etc. It's a pretty simple two-step process.
Step 1: Set the accept-all policy for all connections
Using the set of commands below, you set the policy to ACCEPT for all types of connections.
root@kerneltalks # iptables -P INPUT ACCEPT
root@kerneltalks # iptables -P OUTPUT ACCEPT
root@kerneltalks # iptables -P FORWARD ACCEPT
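This ensures iptables will accept all requests for all types of connections. Do this step first: if you flush the rules while a chain's policy is still DROP, the rules that allowed your SSH session are gone and you are locked out.
Step 2: Delete all existing rules
Using the set of commands below, delete your currently configured rules from iptables.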
root@kerneltalks # iptables -F INPUT
root@kerneltalks # iptables -F OUTPUT
root@kerneltalks # iptables -F FORWARD
Or you can do it in a single command, which flushes every chain in the filter table:
root@kerneltalks # iptables -F
That’s it! Your iptables are reset to default settings i.e. accept all! Now, neatly and carefully design your policies and configure them.
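A fuller reset that keeps the article's order (policies first, then flush) and also covers the nat, mangle and raw tables and IPv6 raised in the comments below. This is an added example, not the author's script; the function names and the APPLY switch are assumptions of the example.

```shell
#!/bin/sh
# Added example: full reset plan for filter, nat, mangle and raw (IPv4 + IPv6).
# Order matters: every policy goes to ACCEPT *before* any flush, so a chain
# whose policy is DROP never sits empty while you are connected over SSH.

# Built-in chains of each table (standard netfilter layout).
chains_for() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)    echo "PREROUTING OUTPUT" ;;
    esac
}

# Print the reset commands, one per line, for one binary
# (iptables or ip6tables).
reset_plan() {
    bin=$1
    # Pass 1: open the policy of every built-in chain.
    for t in filter nat mangle raw; do
        for c in $(chains_for "$t"); do
            echo "$bin -t $t -P $c ACCEPT"
        done
    done
    # Pass 2: flush all rules, then delete the now-empty user-defined chains.
    for t in filter nat mangle raw; do
        echo "$bin -t $t -F"
        echo "$bin -t $t -X"
    done
}

# Dry run by default (prints the plan); APPLY=1 executes it and needs root.
run_reset() {
    for bin in iptables ip6tables; do
        reset_plan "$bin" | while read -r cmd; do
            if [ "${APPLY:-0}" = "1" ]; then $cmd; else echo "$cmd"; fi
        done
    done
}

run_reset
```

Run it once without APPLY to review the plan, then with APPLY=1 from a console session or with an out-of-band way back in.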
EllisGL says
I thought a default IPTables setup was drop all?
Shrikant Lavhate says
Nope. Default chain policy is ACCEPT. Or else how will even the root admin be able to connect to the server over SSH (port 22)!
matttbe says
What about the other tables (mangle, nat, raw)? 🙂
Also this graph is very useful to understand how IPTables works: https://en.m.wikipedia.org/wiki/Netfilter#/media/File%3ANetfilter-packet-flow.svg
Shrikant Lavhate says
Woah. That's too much information for a beginner who comes here for a quick command to reset all his iptables configuration mistakes!
matttbe says
If you say so but if a beginner copy-pasted commands that blocked him/her, he/she probably wants to reset everything ASAP, not only the part he/she can understand 🙂
I mean hiding from the user that there are other tables while he/she has a problem and wants to reset everything could be even more confusing.
And IPv6 is more and more used, especially with the small VPS
MIke says
If you have no connectivity after dropping everything with the -F, then run the following:
sudo nano /etc/default/ufw
–> make sure that IPV6=yes
iptables -P INPUT ACCEPT;
sudo ufw reset;
sudo ufw disable;
sudo ufw default deny incoming;
sudo ufw default allow outgoing;
sudo ufw allow ssh;
sudo ufw allow http;
sudo ufw allow https;
sudo ufw enable;
sudo ufw status;
Make sure it's OK…
Me says
If you flush iptables the chains can drop the ssh access. For secure reset:
rm -f /etc/sysconfig/iptables
rm -f /etc/sysconfig/iptables.save
touch /etc/sysconfig/iptables
systemctl restart iptables
vinay says
Brother, please help: how to block all outgoing tcp connections except for port 20000
Asasi says
Please heeeeeeeeeeeelp
I just ran iptables -F and every access to servers seems blocked!! I can't even connect through SSH or even ping the IP. What should I do? :((
Victor says
Thank you for this. My iptables config was hosed after trying proton VPN. This is the only thing that helped.