How To Clear All iptables Rules

```sh
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
```
I wanted to save the iptables list to disk, but got an error when I tried:

```
# service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
```

The solution was to install the iptables-services package:

```
# yum install iptables-services
```

[…]
All credit to Matt Wilcox for this excellent article, on which this post is based – thank you, Matt! https://mattwilcox.net/web-development/unexpected-ddos-blocking-china-with-ipset-and-iptables/

All commands run as root!
```sh
yum install -y ipset
vi blockchina      # see below for contents
chmod 755 blockchina
./blockchina
```
Do this once only:
```sh
iptables -A INPUT -p tcp -m set --match-set china src -j DROP
service iptables save
```
Then add blockchina to the root crontab so the list is refreshed on a schedule:
```sh
#!/bin/sh
#
# blockchina
#
DIR=/etc

# Create the ipset list. -exist: do not fail when the set already exists from a
# previous run (the iptables DROP rule keeps it in use, so it cannot be recreated)
ipset -exist -N china hash:net

# Remove any old list that might exist from previous runs of this script
rm -f "$DIR/cn.zone"

# Pull the latest IP set for China; stop here if the download fails
wget -P "$DIR" http://www.ipdeny.com/ipblocks/data/countries/cn.zone || exit 1

# Add each IP address from the downloaded list into the ipset 'china'
# (-exist: entries that are already in the set are not treated as errors)
for i in $(cat "$DIR/cn.zone"); do ipset -exist -A china "$i"; done

# Update iptables
service iptables restart
```
List current iptables entries:

```sh
iptables -L
```

Stop the firewall with `/etc/init.d/firewall stop` ~or~ `/etc/init.d/iptables stop` ~or~ the fwstop.sh script below:
```sh
#!/bin/sh
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
```
As a webmaster of over a decade, sometimes the load on my server spikes high. Investigation discovered that various bad guys on the Internet were probing/attacking my server on a regular basis.

Step One – Be Aware

- Read your Apache logs
- Actively monitor your servers. I use Nagios running on my home server.
- Use top […]