Tips - How to disable iptables firewall temporarily
Learn how to temporarily disable the iptables firewall in Linux for troubleshooting purposes. Also learn how to save the policies and how to restore them when you turn the firewall back on.
Sometimes you need to turn off the iptables firewall to troubleshoot connectivity and then turn it back on, and you want to keep all your firewall policies while doing so. In this article, we will walk you through how to save firewall policies and how to disable/enable
- Save iptables policies
- Stop/disable iptables firewall
- Restore firewall policies
Save iptables policies
The first step in disabling the iptables firewall temporarily is to save the existing firewall rules/policies. The iptables-save command lists all your existing policies, which you can save to a file on your server.
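# Run the redirect as root too; with a plain "sudo cmd > file" the calling shell opens the file and cannot write to /root
sudo sh -c 'iptables-save > /root/firewall_rules.backup'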
Stop/disable iptables firewall
On older Linux kernels you have the option of stopping the iptables service with service iptables stop. If you are on a newer kernel, you just need to wipe out all the policies and allow all traffic through the firewall, which is as good as stopping the firewall.
Use the list of commands below to do that.
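# Set the default policies to ACCEPT first, so a remote session is not cut off if a policy was DROP
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
# Then remove the rules and the user-defined chains (without -t this affects the filter table only)
sudo iptables -F
sudo iptables -X
-P INPUT/OUTPUT/FORWARD ACCEPT: Accept traffic on the specified chain by default
-F: Flush all rules from all chains
-X: Delete user-defined chains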
Once done, check the current firewall policies. The output should look like the one below, which means everything is accepted (as good as having your firewall disabled/stopped).
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Restore firewall policies
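# Run the redirect as root too; with a plain "sudo cmd < file" the calling shell opens the file and cannot read from /root
sudo sh -c 'iptables-restore < /root/firewall_rules.backup'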
Check that all policies are back in the iptables firewall configuration:
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere ! match-set whitelist4 src

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain LOGGING (0 references)
target prot opt source destination

Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
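
Reading the iptables -L output by eye is easy to get wrong, so the restore check can also be scripted. The following is an added example, not part of the original article: it compares two iptables-save dumps while ignoring timestamps and packet counters, and flags a dump that is still in the "everything accepted" state. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: check iptables-save dumps without root.

# Drop what differs between two dumps of the same ruleset: the "# Generated"
# and "# Completed" comment lines and the [packets:bytes] policy counters.
normalize_rules() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*]$//'
}

# rules_match BACKUP LIVE: status 0 when both dumps hold the same ruleset.
rules_match() {
    _a=$(normalize_rules < "$1") || return 2
    _b=$(normalize_rules < "$2") || return 2
    [ "$_a" = "$_b" ]
}

# is_wide_open DUMP: status 0 when the dump has no rules and no DROP policy,
# the state left behind by the flush commands.
is_wide_open() {
    [ -r "$1" ] || return 2
    ! grep -Eq '^(-A |:[^ ]+ DROP)' "$1"
}

# Constructed sample dumps (not from a real host).
sample_backup() {
    cat <<'EOF'
# Generated by iptables-save v1.8.7 on Mon Jan  1 10:00:00 2024
*filter
:INPUT ACCEPT [120:9000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [80:7000]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A f2b-sshd -j RETURN
COMMIT
# Completed on Mon Jan  1 10:00:00 2024
EOF
}

sample_flushed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [5:300]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:250]
COMMIT
EOF
}
```

On a live host, write the current ruleset to a file with iptables-save after the restore and pass it to rules_match together with /root/firewall_rules.backup; a non-zero status means the running ruleset differs from the backup.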