0

I decided to run this command

iptables-save | tee iptables_backup.conf | grep -v '\-A'

but instead I accidentally put an extra command, iptables-restore, at the end and ran this, and now my server is locked. I cannot SSH anymore:

iptables-save | tee iptables_backup.conf | grep -v '\-A' | iptables-restore

I can access my server from the rescue disk and view all the files, but how do I revert the above command to start my server?

I'm using CentOS 8.

Kalib Zen

2 Answers

1

Smart of you to take a backup. Why not use it?

iptables-restore < iptables_backup.conf
Gerard H. Pille
  • The iptables_backup didn't contain ipv6, so the backup was useless. I managed to solve this by restarting the iptables for both ipv6 and ipv4 by putting the clear script in rc.local – Kalib Zen May 17 '20 at 08:36
  • I didn't know that iptables-restore did a flush by default. A dangerous choice by the authors. – Gerard H. Pille May 17 '20 at 08:43
0

Since the backup was useless because it didn't contain ipv6, I should have done another backup for ipv6 like this:

ip6tables-save

I solved it by restoring the iptables to the original state at boot time using rc.local. So, when booting into recovery I edited this file:

nano /etc/rc.d/rc.local

# Temporary commands to run once at startup to reset iptables to original state
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

ip6tables -F
ip6tables -X
ip6tables -t nat -F
ip6tables -t nat -X
ip6tables -t mangle -F
ip6tables -t mangle -X
ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT

#chmod +x rc.local

Then, I rebooted the system. The above script will run, and now I can access my server.

After everything was OK, I removed all the above commands so they would not run again on the next boot.

Kalib Zen
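As an added example (not code from either answer), the POSIX sh script below reproduces the effect of the question's grep on a constructed iptables-save ruleset, checks whether feeding the result to iptables-restore would lock a remote admin out (iptables-restore replaces each table wholesale unless given --noflush), backs up both address families as the comments recommend, and only restores a file after iptables-restore --test accepts it. The sample ruleset, the backup directory and the function names are constructed for this example.

```shell
#!/bin/sh
# Constructed iptables-save output for the demonstration (not from a real host).
SAMPLE_RULESET='# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Same effect as the question's grep -v '\-A': every rule line vanishes,
# leaving only table headers, chain policies and COMMIT lines.
strip_rules() { grep -v -e '-A'; }

# Number of "-A INPUT" rules in the ruleset read from stdin (prints 0, not
# an error, when there are none).
count_input_rules() { grep -c '^-A INPUT ' || true; }

# Exit 0 when restoring the ruleset on stdin would lock a remote admin out:
# the INPUT chain keeps a DROP policy but no rule is left to let SSH in.
would_lockout() {
    ruleset=$(cat)
    policy=$(printf '%s\n' "$ruleset" | sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p')
    rules=$(printf '%s\n' "$ruleset" | count_input_rules)
    [ "$policy" = "DROP" ] && [ "$rules" -eq 0 ]
}

# Save both address families; iptables-save alone says nothing about ip6tables.
backup_both() {
    dir=${1:-/root/fw-backup}   # assumed location, pick your own
    mkdir -p "$dir" &&
    iptables-save  > "$dir/iptables.rules" &&
    ip6tables-save > "$dir/ip6tables.rules"
}

# Guarded restore: refuse a file that would lock us out, and have the kernel
# parse it (--test) before anything is committed.
safe_restore() {
    file=$1
    if would_lockout < "$file"; then
        echo "refusing: $file has INPUT policy DROP and no INPUT rules" >&2
        return 1
    fi
    iptables-restore --test "$file" && iptables-restore "$file"
}

# Demonstration on the constructed sample: the stripped ruleset is a lockout.
printf '%s\n' "$SAMPLE_RULESET" | strip_rules | would_lockout &&
    echo "stripped ruleset would lock you out"
```

Run the guarded functions on the real host only as root; the demonstration line at the end touches no firewall state.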