
My server is Red Hat Enterprise Linux Server release 5.

What is the correct/proper command to clear all existing iptables rules defined in /etc/sysconfig/iptables (so that I can start defining/adding my new rules)?

Gnanam

2 Answers

iptables -F            # flush all rules in every chain of the filter table
iptables -t nat -F     # flush the nat table
iptables -t mangle -F  # flush the mangle table
iptables -X            # delete all user-defined chains (filter table)

Update the file with the current rules (not needed after the above steps, but for further reference):

iptables-save -c > /etc/iptables-save
itirazimvar
Prix
  • I have a question here. Is the first command alone, `iptables -F`, not sufficient to delete all the rules? Do I still need to run the next 3 commands as well? – Gnanam Aug 04 '10 at 07:14
  • @Gnanam yes, you can confirm that by running `iptables -L table` where table would be `nat` for example. – Prix Aug 04 '10 at 07:20
  • Your answer 'Yes' is to which one of my above 2 questions? 1) Execute just first command alone 2) Execute all the 4 commands. – Gnanam Aug 04 '10 at 08:36
  • The answer is for you to try it and gain experience. Those are simple commands and you can always run iptables-restore to bring back what you had previously. – Prix Aug 04 '10 at 08:47
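As an added example (not code from either answer or from the iptables project), the manual sequence above generalised: the commands are derived from an iptables-save dump so every table and user-defined chain on the host is covered, and built-in chain policies are set back to ACCEPT before the flush, since flushing a chain whose policy is DROP drops everything, including the SSH session you are working from. The function names, the `SAMPLE_DUMP` text and the backup path are my own constructions.

```shell
#!/bin/sh
# Added example: reset every iptables table safely. Not the original answer's
# code. Run as root on the host; the dry run at the bottom touches nothing.

# Read iptables-save text on stdin and print one iptables command per line:
# per table, reset built-in chain policies, flush rules, delete user chains.
gen_reset_cmds() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*filter" starts a table
        /^:/  {                                    # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 != "-")                         # user-defined chains show "-"
                printf "iptables -t %s -P %s ACCEPT\n", table, chain
            next
        }
        /^COMMIT/ {                                # table complete: flush, then -X
            printf "iptables -t %s -F\n", table
            printf "iptables -t %s -X\n", table
        }
    '
}

# Save the live rule set (with counters) to the given file, then apply the
# generated commands. Restore later with: iptables-restore -c < FILE
reset_iptables() {
    backup="$1"
    iptables-save -c > "$backup" || return 1
    iptables-save | gen_reset_cmds | sh -e
}

# Constructed sample dump in the shape of a RHEL 5 default policy, used for a
# dry run so the script can be read without touching a real firewall.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAMPLE_DUMP" | gen_reset_cmds    # dry run: prints 10 commands
```

To reset a live host, call `reset_iptables /root/iptables-backup.$(date +%s)` and keep the backup until the new rule set is confirmed working.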

Method 1:

Install system-config-firewall and setuptool RPMs. Start "setup", go to "Firewall configuration" and disable the firewall.

Add your own rules.

Start setup and enable the firewall.

Method 2:

Flush iptables using: /etc/init.d/iptables stop

Add your own rules and save the change with:

/etc/init.d/iptables save

Start the configuration:

/etc/init.d/iptables start

vigour
  • Using method 2, will it allow me to add and save rules once iptables is stopped using `/etc/init.d/iptables stop`? – Gnanam Aug 04 '10 at 12:24
  • @Gnanam yes it does. iptables is an elemental part of the system; you don't actually STOP it from working, you simply flush all the rules when you stop it. You can verify it yourself by stopping it and then trying to run the command `iptables -L`. – Prix Aug 04 '10 at 18:16
  • Your method 2 is very simple and straightforward. This is exactly what I was looking for. Instead of me manually cleaning up all existing rules, this method 2 approach automatically takes care of it. I've even followed these same steps on my server and the solution is working. – Gnanam Aug 05 '10 at 07:02
  • The above method is basically all the commands you need to use manually being done via the iptables init script. – Prix Aug 05 '10 at 08:08