iptables -P INPUT DROP / gone after reboot?

jibbajabba

I wanted to implement some IPTables on a remote server so I opened all necessary ports and then added the following to lock down the firewall:

iptables -P INPUT DROP
iptables -P OUTPUT DROP

I scheduled a reboot via crontab to make sure the tables get flushed in case I mess up ...

So I made some further tests which locked me out (which was expected) because I knew I had the reboot scheduled.

Now I am still locked out ... I got two options now

1. Reboot did not work for some reason
2. The drop command remains after reboot.

Does anyone know if the DROP commands remain after a reboot and only additional "rules" are being flushed ?

exampasser

I just tried in on my Raspberry Pi and the change is not persistent after a reboot.

nhpr

IPTables rules shouldn't persist across reboots. If it's a RHEL-based OS (CentOS, Fedora, etc.) you can pop the rule into /etc/sysconfig/iptables or do a "service iptables save" when you have everything set up as you'd like. If not RHEL-based, you're probably going to have to create your own script filled with your own IPTables rules and have it run on boot; initializing the script from rc.local or setting up an init script are always an options.

You should be able to get back in via some sort of console if you're not physically in front of it. Either that or call someone who is!

onesaint

As nhpr alluded to, what distro and version?