Hi,
I would like to know if there is a way to reset completely the iptables configuration.
The problem is that I have been using ufw for some times (and put an ugly exit 0 in bubba-firewall init.d script but with the new update it seems there is a lot of needed modules not included in the kernel so I wanted to go back to use the integrated firewall.
I restored the firewall.conf I kept, but it seems to me things are wrong, too much things are open on the WAN port.
So I would like to reset it completly, but I really don't have any idea how to do that and if there is other files than the firewall.conf file to restore…
Thanks!
New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !
Restore out-of-box iptables settings
Re: Restore out-of-box iptables settings
You can use this one
Code: Select all
# Generated by iptables-save v1.4.8 on Wed Dec 21 20:26:34 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
COMMIT
# Completed on Wed Dec 21 20:26:34 2011
# Generated by iptables-save v1.4.8 on Wed Dec 21 20:26:34 2011
*nat
:PREROUTING ACCEPT [2:404]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Dec 21 20:26:34 2011
cheers
Eek
Eek
Re: Restore out-of-box iptables settings
Hi thanks,
With a bit of adaptation I managed to use it
That would be really nice to have a better firewall configuration application, this is one seems very sensible to deviations from the normal usage.
With a bit of adaptation I managed to use it
That would be really nice to have a better firewall configuration application, this is one seems very sensible to deviations from the normal usage.