why is iptables still filtering after i disable the firewall?
Karl Auer
kauer at biplane.com.au
Wed Sep 15 14:15:06 UTC 2010
On Wed, 2010-09-15 at 09:42 -0400, Robert P. J. Day wrote:
> then what would be the incantation for disabling iptables entirely?
> i can only *guess* that this is what's causing my problem as i can't
> think of any other reason for not being able to ping out.
You can't "disable iptables" short of rebuilding your kernel. However,
you can tell iptables to filter nothing:
sudo ip6tables -F
sudo ip6tables -X
sudo ip6tables -P INPUT ACCEPT
sudo ip6tables -P OUTPUT ACCEPT
sudo ip6tables -P FORWARD ACCEPT
sudo ip6tables -P PREROUTING ACCEPT
sudo ip6tables -P POSTROUTING ACCEPT
sudo iptables -F
sudo iptables -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P PREROUTING ACCEPT
sudo iptables -P POSTROUTING ACCEPT
-F deletes all rules from all chains
-X deletes all non-builtin chains
-P sets the policy on a chain
Ignore errors telling you "bad built-in chain name" for PREROUTING or
POSTROUTING - they may not be present.
The end result is a totally open system. See "man iptables" and "man
ip6tables" for more info.
Then check that everything is gone:
sudo ip6tables -L -n
sudo iptables -L -n
You should see output like this if ip6tables and iptables are completely
out of the way:
kauer at karl:~$ sudo ip6tables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
kauer at karl:~$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20100916/29fbc867/attachment.sig>
More information about the ubuntu-users
mailing list