Does iptables -F permanently delete all iptables rules?


Solution 1

The iptables rules are stored in two places on Red Hat systems:

  • In memory within the running kernel, where the firewall code checks them on network I/O. Flushing the rules with iptables -F gets rid of this ruleset only.

  • In /etc/sysconfig/iptables from which they are loaded on boot. You can force a reload without rebooting with service iptables reload or ...restart.

So the answer is no, flushing the rules with iptables -F is not permanent.

When you go into setup and modify the firewall rules, it saves them in /etc/sysconfig/iptables. You're not supposed to edit that file directly, but if you know the iptables command line format, you can pretty easily figure out the format of this file.

Solution 2

Also, as a point of reference, here's how to flush ALL the current iptables rules:

#!/bin/sh
echo "Stopping firewall and allowing everyone..."
iptables=/sbin/iptables
# Flush every rule (-F) and delete every user-defined chain (-X) in the default filter table
$iptables -F
$iptables -X
# ... and in the nat and mangle tables, which a bare "iptables -F" does not touch
$iptables -t nat -F
$iptables -t nat -X
$iptables -t mangle -F
$iptables -t mangle -X
# Reset the built-in filter chain policies to ACCEPT; a DROP policy would otherwise stay in force after the flush
$iptables -P INPUT ACCEPT
$iptables -P FORWARD ACCEPT
$iptables -P OUTPUT ACCEPT

Author: Mike B

Updated on September 18, 2022

Comments

  • Mike B
    Mike B over 1 year

    In a RHEL training document, the author says:

    ...run the following command to disable the firewall on the current system: iptables -F

    He explicitly uses the word "disable" which to me suggests that it will be simple to re-enable. In reading the man page though for iptables, I see this:

    Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one.

    Can I get clarification on the expected behavior?

    • Stéphane Chazelas
      Stéphane Chazelas over 11 years
      Note that iptables -F flushes all the rules in the "filter" table; it doesn't flush the other tables (nat, mangle...) and doesn't restore the policies to their default, so it can't really be said to disable the firewall.
  • Mike B
    Mike B over 11 years
    Fantastic answer. I appreciate the detail and clarification. Thanks Warren.
  • derobert
    derobert over 11 years
    There are actually more tables than that. At least -t raw and -t security. Instead of hard coding, use /proc/net/ip_tables_names