
I have a server which is being kept behind a corporate firewall, so the corporate firewall takes care of all firewall issues. After making a fresh installation of the server, and setting the corresponding rules, the server allows traffic to the ports it should (PPTP, SSH, Web, FTP and allows forwarding of IP packages), but after a restart the changes are lost, and I haven't been able to successfully apply the rules again. What I think I should do is:

1) Somehow put the iptables and apparmor rules to the ones set after a fresh installation of the server.
2) Apply the changes so ip4 forwarding is allowed and SSH, VPN and Web ports are opened to LAN.
3) Search for a way to keep the settings going even after a reboot of the system.

I need help to do points 1 and 3.

Luis M. Valenzuela
  • You can go to the default state by flushing all rules and set all policies to ACCEPT. Do a `iptables-save >ipts` and look at the first lines. – ott-- Sep 05 '13 at 19:00

1 Answer

If you want to accept all traffic you can simply change policy to ACCEPT (INPUT, OUTPUT, FORWARD) by flushing iptables rules:

iptables -F

You can save your iptables configuration using the command:

/etc/init.d/iptables save

If you want to print your iptables rules you can type:

iptables-save

This command prints the saved configuration (more readable).

Or:

iptables -L
maayke
  • Note that simply flushing (`iptables -F`) does **NOT** change the default policies to ACCEPT, it "only" flushes all existing rules, leaving you with the set policy for everything on that chain. (If for example INPUT was set to DROP, then after `iptables -F` no input traffic whatsoever will be accepted!) While this answer works for most fresh installs (since those usually have all chains set to `ACCEPT`) as the OP asked for, it might lead to ssh-lockouts, etc. on other boxes (if you don't precede it with `iptables -P INPUT ACCEPT`, `iptables -P OUTPUT ACCEPT`, and `iptables -P FORWARD ACCEPT`). – Levite Aug 08 '14 at 06:09
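An added example, not part of the answer or comments above: a check that reads an `iptables-save` dump (the "first lines" the first comment points to) and lists the built-in chains whose policy is not ACCEPT, then prints the reset commands in the order the second comment recommends, policies first and flush last. The dump is a constructed sample, and the function names `risky_chains` and `reset_plan` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not taken from the asker's server).
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
COMMIT'

# risky_chains: read an iptables-save dump on stdin and print
# "table chain policy" for every built-in chain whose policy is not ACCEPT.
# User-defined chains show "-" as policy and are skipped.
risky_chains() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*filter" starts a table
        /^:/  { chain = substr($1, 2)              # ":INPUT DROP [0:0]"
                if ($2 != "ACCEPT" && $2 != "-") print table, chain, $2 }
    '
}

# reset_plan: print the commands for a lockout-safe reset of the dump on stdin.
# Policies are set to ACCEPT before the flush, so an SSH session survives it.
reset_plan() {
    risky_chains | while read -r table chain policy; do
        echo "iptables -t $table -P $chain ACCEPT"
    done
    echo "iptables -F"
}

# Show the plan for the sample; on a real host, pipe `iptables-save` in instead.
printf '%s\n' "$SAMPLE_DUMP" | reset_plan
```

The script only prints commands and changes nothing on the host; on a live system, feed it the output of `iptables-save` run as root and review the plan before applying it.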