Skip to main content

Raymii.org Raymii.org Logo

Quis custodiet ipsos custodes?
Home | About | All pages | Cluster Status | RSS Feed | Gopher

Reset iptables to ACCEPT all (backup and remove all existing rules)

Published: 03-09-2016 | Author: Remy van Elst | Text only version of this article


❗ This post is over five years old. It may no longer be up to date. Opinions may have changed.

Here's a small bash script that removes all iptables rules and sets up a default ACCEPT ALL state. Before the reset, it creates a backup of the current rules. I use this often to troubleshoot servers with networking issues. If you just blindly do an iptables -F you might lock yourself out of a server since the INPUT policy might be DROP.

Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.

You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.

Save the script to something like iptables-reset.sh and run it:

#!/bin/bash
set -x # Echo
set -e # Stop on error
set -o noclobber # Dont overwrite files with redirection

iptables-save > iptables.$(date +%s)

echo "iptables saves to iptables.$(date +%s)"

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

    echo done

It will not only save the current rules, but it will also echo out all the commands so you can see what happened in your terminal history.

Tags: bash , blog , firewall , iptables