Allowing SSH through iptables
I have a remote server that I can access with SSH.
The first time, what I did was:
/usr/sbin/iptables -A INPUT -p tcp -s 192.168.80.55 --dport 9043 -j ACCEPT
/usr/sbin/iptables -A INPUT -j DROP
Now I have only a single port accessible from a single IP and everything is locked.
How can I unblock all the traffic (at least for SSH)?
ssh iptables
An iptables -F will flush everything. Then make sure you allow SSH access first. This is assuming you still have console access to the machine itself.
– Jeroen - IT Nerdbox
Aug 8 at 12:20
Reboot the server if you did not make the rules permanent.
– Christopher
Aug 8 at 12:20
It would be easier to set your INPUT chain policy to drop. Allow then ssh traffic and that on 9043. No need for the -j DROP rule anymore.
– Valentin B
Aug 8 at 13:45
edited Aug 8 at 12:23
Kusalananda
asked Aug 8 at 12:05
Anoop
1 Answer
Assuming these are the only two rules you entered, if you want to have unrestricted access to all ports, just do:
# make default policy ACCEPT so that you don't block yourself out
/usr/sbin/iptables -P INPUT ACCEPT
# remove all rules (flush)
/usr/sbin/iptables -F
Make sure nothing else blocks you here (like default policy DROP for OUTPUT).
If you want to keep all other ports blocked, and just have ssh world-wide open, do this instead:
# insert a new rule at the beginning of the list that accepts ssh traffic
/usr/sbin/iptables -I INPUT -p tcp --dport 9043 -j ACCEPT
# remove the previously added rule (no longer needed)
/usr/sbin/iptables -D INPUT -p tcp -s 192.168.80.55 --dport 9043 -j ACCEPT
answered Aug 8 at 14:27
Adam Golebiowski
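The rule-order problem behind this question (a rule appended after `-A INPUT -j DROP` is never reached) can be checked mechanically. The following is an added example, not part of the original answer: a shell function that reads `iptables -S`-style output and lists rules shadowed by an earlier catch-all rule. The function name `shadowed_rules` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: find rules that can never match because an earlier rule in
# the same chain catches all traffic. iptables evaluates rules top to bottom,
# and -A appends to the end of the chain.

# Reads `iptables -S`-style lines on stdin. For chain $1, prints
# "<rule-number>: <rule>" for every rule that follows a catch-all rule.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (catchall) { print n ": " $0; next }
            # "-A CHAIN -j TARGET" with no match options before -j
            # applies to every packet that reaches it.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT" || $4 == "ACCEPT"))
                catchall = 1
        }'
}

# Constructed sample: the two rules from the question, then an SSH rule
# added with -A (it lands after the DROP).
appended='-P INPUT ACCEPT
-A INPUT -s 192.168.80.55/32 -p tcp -m tcp --dport 9043 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 9043 -j ACCEPT'

# Constructed sample: the same rules with the SSH rule added with -I
# (it lands at position 1, ahead of the DROP).
inserted='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 9043 -j ACCEPT
-A INPUT -s 192.168.80.55/32 -p tcp -m tcp --dport 9043 -j ACCEPT
-A INPUT -j DROP'

echo "added with -A:"
printf '%s\n' "$appended" | shadowed_rules INPUT
echo "added with -I:"
printf '%s\n' "$inserted" | shadowed_rules INPUT
```

On a live host the same check is `iptables -S INPUT | shadowed_rules INPUT`, run before closing the session that made the change.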