After running iptables -F and iptables -save, SSH access was lost. The OS is Ubuntu 16.04.5 server.

How can I restore iptables to its previous state and regain access?

  • If restarting the machine does not help, then you need to connect to the console and do everything that is required. - aleksandr barakin 2:57 pm
  • @alexanderbarakin, there is physical access to the machine; what needs to be done? =) - Dmitriy
  • Add the missing netfilter rules to neutralize the DROP policy set on one (or several) chains, or change that policy (those policies) to ACCEPT. - aleksandr barakin
  • @Dmitriy Example from my machine: "-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT" - Hellseher
  • @Hellseher thanks, this is the rule that the admins took down. I also need such chains for ports 21, 80, 443; I figured it all out. Post it as an answer, and I'll add a plus to your karma. - Dmitriy

1 answer

Written as a script; you can add your own ports.

Please note that these rules will only work until the next reboot. Make sure that you do not have any third-party firewall that loads or resets the iptables settings.

    #!/usr/bin/env bash
    set -e

    # iptables needs root privileges
    [ "$(id -u)" = "0" ] || { echo "Run as root. Exit."; exit 1; }

    # Ports to open; add your own here
    PORT_ALLOW=( 21 22 80 443 )

    # Append ACCEPT rules for the given port (TCP and UDP) to the INPUT chain
    allow_ipv4_port() {
        local port="$1"
        iptables -A INPUT -p tcp -m tcp --dport "${port}" -j ACCEPT
        iptables -A INPUT -p udp -m udp --dport "${port}" -j ACCEPT
    }

    main() {
        for p in "${PORT_ALLOW[@]}"; do
            allow_ipv4_port "$p"
        done
    }

    main "$@"
    # End of script

Links

  • Excuse me. The script at the GitHub link uses a curious construct, for example {% for rule in firewall_additional_rules %}. Could you explain how this works? I mean, why and for what the curly brackets are used I can (probably) imagine. But how does this work in combination with a percent sign, and with a loop split into such blocks ... Thanks in advance. P.S. If necessary, I can post this as a separate question. - Andrey
  • @AndreyKarpov look at what kind of repository it is: an Ansible template and playbook for setting up a firewall based on iptables. The lines where the rules are added I rewrote for this question in the form of a script. This is Jinja2 format. - Hellseher
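
Why the flush in the question cut off SSH, as an added example (not code from the answer or the linked repository): `iptables -F` deletes the ACCEPT rules but leaves a chain's DROP policy in place, so the script below reads `iptables -S` output and prints the policy resets that have to run before a flush. The function names and both sample rulesets are constructed for illustration; jumps into user-defined chains and multiport ranges are not evaluated.

```bash
#!/usr/bin/env bash
# Added example: every function reads `iptables -S` text on stdin.
# Nothing here calls iptables, so it runs offline and without root.

# Print each built-in chain whose default policy is DROP.
# `iptables -F` removes rules but never touches these policies.
drop_policy_chains() {
    awk '$1 == "-P" && $3 == "DROP" { print $2 }'
}

# Succeed if INPUT itself has an ACCEPT rule for the given TCP port,
# either as --dport N or inside a multiport --dports list.
# Assumption of this example: rules in user-defined chains are ignored.
input_accepts_tcp_port() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) found = 1
                if ($i == "--dports") {
                    n = split($(i + 1), list, ",")
                    for (k = 1; k <= n; k++) if (list[k] == port) found = 1
                }
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Print the commands for a flush that cannot lock the admin out:
# reset every DROP policy to ACCEPT first, flush last.
safe_flush_plan() {
    drop_policy_chains | while read -r chain; do
        echo "iptables -P ${chain} ACCEPT"
    done
    echo "iptables -F"
}

# Constructed sample: a default-deny ruleset before and after `iptables -F`.
BEFORE_FLUSH='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
AFTER_FLUSH='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT'

# Show the plan for the sample ruleset.
printf '%s\n' "$BEFORE_FLUSH" | safe_flush_plan
```

On a live host the input would come from `iptables -S` run as root; saving `iptables-save` output to a file before any change gives `iptables-restore` something to roll back to.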