need iptables rule to accept all incoming traffic

34

22

For my test environment I want to accept all incoming traffic. Can someone please give me the iptables rule to be added?

My current iptables -L -n output looks like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2124

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Thanks

Ashish Kumar Shah

Posted 2013-08-20T12:07:55.203


Answers

54

Run the following. It'll insert the rule at the top of your iptables and will allow all traffic unless subsequently handled by another rule.

iptables -I INPUT -j ACCEPT

You can also flush your entire iptables setup with the following:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

If you flush it, you might want to run something like:

iptables -A INPUT -i lo -j ACCEPT -m comment --comment "Allow all loopback traffic"
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT -m comment --comment "Reject all traffic to 127/8 that doesn't arrive on lo"
iptables -A OUTPUT -j ACCEPT -m comment --comment "Accept all outgoing"
iptables -A INPUT -j ACCEPT -m comment --comment "Accept all incoming"
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow all incoming on established connections"
iptables -A INPUT -j REJECT -m comment --comment "Reject all incoming"
iptables -A FORWARD -j REJECT -m comment --comment "Reject all forwarded"

If you want to be a bit safer with your traffic, don't use the accept all incoming rule, or remove it with "iptables -D INPUT -j ACCEPT -m comment --comment "Accept all incoming"", and add more specific rules like:

iptables -I INPUT -p tcp --dport 80 -j ACCEPT -m comment --comment "Allow HTTP"
iptables -I INPUT -p tcp --dport 443 -j ACCEPT -m comment --comment "Allow HTTPS"
iptables -I INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT -m comment --comment "Allow SSH"
iptables -I INPUT -p tcp --dport 8071:8079 -j ACCEPT -m comment --comment "Allow torrents"

NOTE: They need to be above the 2 reject rules at the bottom, so use -I to insert them at the top. Or if you're anal like me, use "iptables -nL --line-numbers" to get the line numbers, then use "iptables -I INPUT <n> ..." to insert a rule at a specific line number.

Finally, save your work with:

iptables-save > /etc/network/iptables.rules #Or wherever your iptables.rules file is

Alex Atkinson

Posted 2013-08-20T12:07:55.203

Reputation: 2 845

This answer finally ended my pain. This answer addresses the question "how do I just make #@$#% iptables do what I want it to do and only what I want it to do". The only improvement I would recommend is adding an example of forwarding a port (i.e., from 80 to 8080 and 443 to 8443). I think 99% of the questions about iptables would be answered in 1 single post. – Eric Hartford – 2014-10-01T18:41:51.503

A bit late getting back to this, but here it is. Redirecting traffic from one port to another: "iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080" (REDIRECT lives in the nat table, so PREROUTING must be addressed there). It's easy enough to adjust it to do whatever you want. The only requirement is that both ports must be open (via entries above this statement.)

Enjoy! – Alex Atkinson – 2015-01-23T18:05:32.417
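Two things on this page are worth checking mechanically rather than by eye. In the asker's listing, the four rules for 8443, 8080, 9443 and 2124 sit below the catch-all REJECT, so netfilter never reaches them (first match wins), and any host that reached that state by appending rules will keep doing so. In the accepted answer, the flush runs before the policies are set to ACCEPT; on a host whose INPUT policy is DROP, the `iptables -F` alone cuts off the SSH session that typed it. The script below is an added example, not code from the question or either answer. `shadowed_rules` reads `iptables -S` output (one chain or all of them) and prints every rule that an earlier catch-all in the same chain makes unreachable; `build_ruleset` emits an `iptables-restore` file in a safe order; `apply_ruleset` validates it with `iptables-restore --test`, swaps the whole table in atomically and arms a timed rollback. The `-S` rendering of the asker's chain is constructed here (the `-L -n` format hides the interface match, so the third rule is assumed to be the stock `-i lo` accept), and the port list, `STATE_DIR`, `ROLLBACK_SECS` and `SAVE_PATH` are example assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
#   shadowed_rules  reads `iptables -S` output on stdin and prints each rule that
#                   an earlier catch-all in the same chain makes unreachable.
#   build_ruleset   writes an iptables-restore file with rules in a safe order.
#   apply_ruleset   checks, backs up and applies it atomically with a timed
#                   rollback; needs root and is not run by the checks below.

# A rule is a catch-all when, after stripping "-m comment --comment ..." and
# "--reject-with ...", it is exactly "-A CHAIN -j TARGET" with a terminating
# target. LOG, RETURN and jumps to user chains do not end evaluation.
shadowed_rules() {
    awk '
    /^-A / {
        c = $2; n[c]++
        if (dead[c]) { print c " " n[c] ": " $0; next }
        line = $0
        gsub(/ -m comment --comment ("[^"]*"|[^ ]+)/, "", line)
        gsub(/ --reject-with [^ ]+/, "", line)
        nf = split(line, f, " ")
        if (nf == 4 && f[3] == "-j" && f[4] ~ /^(ACCEPT|DROP|REJECT)$/) dead[c] = 1
    }'
}

# Constructed `iptables -S INPUT` rendering of the chain in the question. The
# third rule is assumed to be the stock "-i lo" accept that `-L -n` shows blank.
ASKER_INPUT_CHAIN='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2124 -j ACCEPT'

# Emit an iptables-restore file. $1 is a space-separated list of TCP ports to
# open (assumed; default 22). Policies stay ACCEPT and the explicit REJECT does
# the filtering, so a stray `iptables -F` opens the host instead of cutting off
# the session that ran it. `-m conntrack` is the current name for `-m state`.
build_ruleset() {
    ports=${1:-22}
    printf '%s\n' \
        '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        '-A INPUT -p icmp -j ACCEPT'
    for p in $ports; do
        printf '%s\n' "-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport $p -j ACCEPT"
    done
    printf '%s\n' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT'
}

# Atomic, lockout-guarded apply (root only). The old rules come back after
# ROLLBACK_SECS unless confirm_ruleset is run from a fresh session in time.
STATE_DIR=${STATE_DIR:-/run/iptables-apply}           # root-owned, not /tmp
ROLLBACK_SECS=${ROLLBACK_SECS:-120}
SAVE_PATH=${SAVE_PATH:-/etc/network/iptables.rules}   # path used in the answer
apply_ruleset() {
    mkdir -p -m 0700 "$STATE_DIR" || return 1
    build_ruleset "$@" >"$STATE_DIR/new.rules"
    iptables-restore --test "$STATE_DIR/new.rules" || return 1   # parse only
    dead=$(shadowed_rules <"$STATE_DIR/new.rules")
    if [ -n "$dead" ]; then printf 'unreachable rules:\n%s\n' "$dead" >&2; return 1; fi
    iptables-save >"$STATE_DIR/rollback.rules" || return 1
    ( sleep "$ROLLBACK_SECS" && iptables-restore "$STATE_DIR/rollback.rules" ) &
    echo $! >"$STATE_DIR/rollback.pid"
    iptables-restore "$STATE_DIR/new.rules"       # whole table swaps in one step
    echo "applied; run confirm_ruleset within ${ROLLBACK_SECS}s to keep it"
}
confirm_ruleset() {
    kill "$(cat "$STATE_DIR/rollback.pid")" && rm -f "$STATE_DIR/rollback.pid"
    iptables-save >"$SAVE_PATH"
}

# Running this file lists the four rules in the question that never fire.
printf '%s\n' "$ASKER_INPUT_CHAIN" | shadowed_rules
```

Feed the live system in with `iptables -S | shadowed_rules` to audit every chain at once; prepending the answer's `-A INPUT -j ACCEPT` to the asker's chain flags all nine rules below it, which is exactly the "accept everything" effect the answer intends, and `build_ruleset | shadowed_rules` prints nothing because the catch-all REJECT is last in each chain.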

16

To accept all incoming traffic you can use the following command. -P sets the default policy of the chain to ACCEPT:

iptables -P INPUT ACCEPT

If you do not require your previous rules, just flush/remove them and then use the above command. To flush all rules use:

iptables -F

Gangadhar

Posted 2013-08-20T12:07:55.203

Reputation: 321