Clearing IPTables rules

-

Occasionally I find it necessary to quickly clear out all the IPTables rules without accidentally losing access to the machine. I've found the below commands to be the quickest way to accomplish that goal (substitute ip6tables if you live in an IPv6 world)

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

You can confirm afterward by running iptables -nvL, which should produce output similar to:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Comments

Post a Comment

Popular posts from this blog

SSH Private Keys - RSA vs. OpenSSH

-
It would seem that ssh-keygen on OS X Mojave generates OpenSSH Private Keys instead of the traditional RSA Private Keys. While on the surface this is not a problem at all, it recently created a problem for us in combination with our use of the net-ssh Ruby gem, specifically that only RSA Private Keys are supported by this particular version of the gem, unless other dependencies are explicitly installed. So there would appear to be two solutions to this problem. First, we could update the net-ssh gem or discover/install whatever other dependencies are required to support OpenSSH Private Keys. Option two is to convert the existing private key from OpenSSH to RSA. The man page for ssh-keygen is helpful, but not nearly clear enough for this use case, so I'm documenting it here because I'm sure it'll come back to bite me again in the future. Assuming ~/.ssh/id_rsa starts with: -----BEGIN OPENSSH PRIVATE KEY----- Run ssh-keygen -p -m PEM -f ~/.ssh/id_rsa and you will ...
Read more

tcgetattr: Inappropriate ioctl for device

-
Recently a colleague of mine was working on a bash script to copy a script to a group of servers, run the script and display the output. The basic structure of the script was: for host in $(host_list); do echo "Host = $host" scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no check_script.rb user@${host}:/tmp/check_script.rb ssh -tt -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@${host} 'chmod +x /tmp/check_script.rb' ssh -tt -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@${host} 'sudo ruby check_script.rb' done When he attempted to run his script, it was failing after copying the script to the first remote host with the error tcgetattr: Inappropriate ioctl for device .  A google search turned up a bunch of results, but nothing helpful enough to resolve the issue. The issue turns out to be the ssh command requesting a TTY and erroring out because it is unable to get one.  Removing the -tt option fro...
Read more

Google Wifi and Verizon FiOS

-
Image
There are a bunch of articles spread around the internet about how to best use Google Wifi and Verizon FiOS together. The concepts are really applicable to any case where you want to replace the Verizon FiOS router with your own, while still retaining full TV functionality (Guide, On-Demand, Remote DVR access, On-Screen Caller ID, etc). My experience drew heavily from several sources, including http://www.dslreports.com/faq/16077 , https://robotpoweredhome.com/google-nest-wifi-verizon-fios/ , and https://www.arhea.net/posts/2020-01-012-fios-own-router.html . My ultimate goal was to completely remove the Verizon FiOS router (in my case, a G1100), while retaining full functionality. The gist of what my setup looks like is below: The components involved here are: FiOS ONT (Optical Network Terminal) Google Wifi Points Any unmanaged 10/100/1000 Ethernet Switch (you decide how many ports you need) MOCA Bridge (Actiontec WCB3000) FiOS TV One DVR (Arris VMS4100) FiOS TV Set Top Boxes (Arris ...
Read more