iptables -P INPUT DROP / gone after reboot?
jibbajabba
Member Posts: 4,317 ■■■■■■■■□□
in Off-Topic
I wanted to implement some IPTables on a remote server so I opened all necessary ports and then added the following to lock down the firewall:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
I scheduled a reboot via crontab to make sure the tables get flushed in case I mess up ...
So I made some further tests which locked me out (which was expected) because I knew I had the reboot scheduled.
Now I am still locked out ... I got two options now
1. Reboot did not work for some reason
2. The drop command remains after reboot.
Does anyone know if the DROP commands remain after a reboot and only additional "rules" are being flushed?
My own knowledge base made public: http://open902.com
Comments
-
exampasser Member Posts: 718 ■■■□□□□□□□
I just tried it on my Raspberry Pi and the change is not persistent after a reboot.
-
nhpr Member Posts: 165
IPTables rules shouldn't persist across reboots. If it's a RHEL-based OS (CentOS, Fedora, etc.) you can pop the rule into /etc/sysconfig/iptables or do a "service iptables save" when you have everything set up as you'd like. If not RHEL-based, you're probably going to have to create your own script filled with your own IPTables rules and have it run on boot; initializing the script from rc.local or setting up an init script are always options.
You should be able to get back in via some sort of console if you're not physically in front of it. Either that or call someone who is!
-
onesaint Member Posts: 801
As nhpr alluded to, what distro and version?
Work in progress: picking up Postgres, Elasticsearch, redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness
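
An alternative to the scheduled-reboot safety net discussed in this thread, as an added example that is not part of any post: snapshot the running ruleset with iptables-save, apply the candidate with iptables-restore, and roll back automatically unless the change is confirmed from a new session. The function name, the SAVE_CMD/RESTORE_CMD variables, the confirmation-file mechanism and the paths in the usage comment are assumptions for illustration; /etc/sysconfig/iptables is the RHEL location mentioned above.

```shell
#!/bin/sh
# Added example: apply a candidate ruleset, roll back unless confirmed.
# SAVE_CMD / RESTORE_CMD are overridable (an assumption of this example) so
# the logic can be exercised without root; defaults are the real tools.
SAVE_CMD=${SAVE_CMD:-iptables-save}
RESTORE_CMD=${RESTORE_CMD:-iptables-restore}

# apply_with_rollback CANDIDATE CONFIRM_FILE TIMEOUT_SECS [PERSIST_PATH]
# Returns 0 if confirmed (rules kept), 1 if rolled back, 2 on setup error.
# Hypothetical usage, as root:
#   apply_with_rollback /root/new.rules /root/confirm 120 /etc/sysconfig/iptables
apply_with_rollback() {
    candidate=$1 confirm=$2 timeout=$3 persist=${4:-}
    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    backup=$(mktemp) || return 2
    # Snapshot the running ruleset (chain policies included) before changing it.
    "$SAVE_CMD" > "$backup" || { rm -f "$backup"; return 2; }
    rm -f "$confirm"    # a stale confirmation must not count

    if ! "$RESTORE_CMD" < "$candidate"; then
        # The candidate was rejected; put the snapshot back to be safe.
        "$RESTORE_CMD" < "$backup"; rm -f "$backup"; return 1
    fi

    # A NEW session proves that fresh connections still get through.
    echo "Rules applied. From a new session run: touch $confirm" >&2
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm" "$backup"
            # Only a confirmed ruleset is copied to where boot will load it.
            [ -z "$persist" ] || cp "$candidate" "$persist"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # No confirmation in time: assume a lockout and restore the snapshot.
    "$RESTORE_CMD" < "$backup"
    rm -f "$backup"
    return 1
}
```

The candidate file must be in iptables-save format, and the rollback timer runs inside the calling shell, so start it under nohup, screen or tmux if the current session might be cut off by the new rules.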