Tips - How to disable iptables firewall temporarily

Tips - How to disable iptables firewall temporarily

Learn how to disable iptables firewall in Linux temporarily for troubleshooting purpose. Also learn how to save policies and how to restore them back when you enable firewall back.
Richard Balog©

Sometimes you have the requirement to turn off iptables firewall to do some connectivity troubleshooting and then you need to turn it back on. While doing it you also want to save all your firewall policies as well. In this article, we will walk you through how to save firewall policies and how to disable/enable iptables firewall.

  1. Save iptables policies
  2. Stop/disable iptables firewall
  3. Restore firewall policies

Save iptables policies

The first step while disabling iptables firewall temporarily is to save existing firewall rules/policies. iptables-save command lists all your existing policies which you can save in a file on your server.

sudo iptables-save > /root/firewall_rules.backup

Stop/disable iptables firewall

For older Linux kernels you have an option of stopping service iptables with service iptables stop but if you are on the new kernel, you just need to wipe out all the policies and allow all traffic through the firewall. This is as good as you are stopping the firewall.

Use below list of commands to do that.

sudo iptables -F
sudo iptables -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT

Where :

  • -F : Flush all policy chains
  • -X : Delete user defined chains
  • -P INPUT/OUTPUT/FORWARD : Accept specified traffic

Once done, check current firewall policies. It should looks like below which means everything is accepted (as good as your firewall is disabled/stopped)

sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Restore firewall policies

sudo iptables-restore < /root/firewall_rules.backup

Check if all policies are back in iptables firewall configurations :

sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere             ! match-set whitelist4 src

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain LOGGING (0 references)
target     prot opt source               destination

Chain f2b-sshd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere


Share on :