Iptables locking me out of SSH

Question

I was in a SSH server and ran the command

iptables -F

and the server froze.

Since then I just can't login back again.

After some research I found that that command can freeze if you are in a SSH server.

The question is. How can I "revert" this?

Can anyone help me?

Looks like you deleted all the rules in the iptables, have you thought about logging into the physical machine and turning iptables off or reverting the changes you made.. — ryekayo, Jun 23 '15 at 16:47
I can't log into the physical machine because I have no access to it. It's a server in other company. You said "or reverting the changes you made": can I do that without having access to the physical machine? — undisp, Jun 23 '15 at 16:49
I'm pretty new to this so this may seem a dumb question, but how do I reboot the machine? If it matters I login to the machine like this: sudo service ssh -pXXXX root@XXX.XX.XXX.XXX — undisp, Jun 23 '15 at 16:55
what port are you using to log in?? Try just `ssh root@xxx.xxx.xxx.xxx` — ryekayo, Jun 23 '15 at 16:57
Yes but the login instructions I have is to login with that port and it worked until I do iptables -F — undisp, Jun 23 '15 at 17:00
It doesn't give any error message. Just gives connection timeout after a while. — undisp, Jun 23 '15 at 17:01
I ran the command `telnet XXX.XX.XXX.XXX` and it just says "Trying XXX.XX.XXX.XXX..." and doesn't do anything else — undisp, Jun 23 '15 at 17:05

score 2 · Accepted Answer · answered Jun 23 '15 at 18:26

If the remote server has ssh running over IPv6, you may be able to reconnect and load some more appropriate IPTables rules (as you've probably only dropped the IPv4 rules).

If there's no IPv6 or other non-IPv4 access (dial-up terminal server, IPMI console, etc), then you're out of luck, until you (or someone acting for you) get physical access. Assuming a default-deny policy (which seems to be the case based on what we see), you've completely isolated its IP interfaces.

Moral of the story: before meddling, save a copy of a working ruleset, and create an at or cron job to restore from that at a known time, in case it all goes wrong. I know that's too late to help now, but might save somebody else!

Iptables locking me out of SSH

1 Answers1