why is iptables still filtering after i disable the firewall?

Karl Auer kauer at biplane.com.au
Wed Sep 15 14:15:06 UTC 2010 

On Wed, 2010-09-15 at 09:42 -0400, Robert P. J. Day wrote:
>   then what would be the incantation for disabling iptables entirely?
> i can only *guess* that this is what's causing my problem as i can't
> think of any other reason for not being able to ping out.

You can't "disable iptables" short of rebuilding your kernel. However,
you can tell iptables to filter nothing:

   sudo ip6tables -F
   sudo ip6tables -X
   sudo ip6tables -P INPUT ACCEPT
   sudo ip6tables -P OUTPUT ACCEPT
   sudo ip6tables -P FORWARD ACCEPT
   sudo ip6tables -P PREROUTING ACCEPT
   sudo ip6tables -P POSTROUTING ACCEPT
   sudo iptables -F
   sudo iptables -X
   sudo iptables -P INPUT ACCEPT
   sudo iptables -P OUTPUT ACCEPT
   sudo iptables -P FORWARD ACCEPT
   sudo iptables -P PREROUTING ACCEPT
   sudo iptables -P POSTROUTING ACCEPT

-F deletes all rules from all chains
-X deletes all non-builtin chains
-P sets the policy on a chain

Ignore errors telling you "bad built-in chain name" for PREROUTING or
POSTROUTING - they may not be present.

The end result is a totally open system. See "man iptables" and "man
ip6tables" for more info.

Then check that everything is gone:

sudo ip6tables -L -n
sudo iptables -L -n

You should see output like this if ip6tables and iptables are completely
out of the way:

kauer at karl:~$ sudo ip6tables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
kauer at karl:~$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
Old fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20100916/29fbc867/attachment.sig>

More information about the ubuntu-users mailing list