Allowing SSH through iptables

I have a remote server that I can access with SSH.

The first time, what I did was:

/usr/sbin/iptables -A INPUT -p tcp -s 192.168.80.55 --dport 9043 -j ACCEPT
/usr/sbin/iptables -A INPUT -j DROP

Now I have only a single port accessible from a single IP and everything is locked.

How can I unblock all the traffic (at least for SSH)?

  • An iptables -F will flush everything. Then make sure you allow SSH access first. This is assuming you still have console access to the machine itself.
    – Jeroen - IT Nerdbox
    Aug 8 at 12:20

  • Reboot the server if you did not make the rules permanent.
    – Christopher
    Aug 8 at 12:20

  • It would be easier to set your INPUT chain policy to drop. Then allow ssh traffic and that on 9043. No need for the -j DROP rule anymore.
    – Valentin B
    Aug 8 at 13:45

ssh iptables






edited Aug 8 at 12:23
– Kusalananda

asked Aug 8 at 12:05
– Anoop

1 Answer

Assuming these are the only two rules you entered, if you want to have unrestricted access to all ports, just do:

# make default policy ACCEPT so that you don't lock yourself out
/usr/sbin/iptables -P INPUT ACCEPT
# remove all rules (flush)
/usr/sbin/iptables -F

Make sure nothing else blocks you here (like default policy DROP for OUTPUT).

If you want to keep all other ports blocked, and just have ssh world-wide open, do this instead:

# insert a new rule at the beginning of the chain (before the DROP) that accepts ssh traffic
/usr/sbin/iptables -I INPUT -p tcp --dport 9043 -j ACCEPT
# remove previously added rule (no longer needed)
/usr/sbin/iptables -D INPUT -p tcp -s 192.168.80.55 --dport 9043 -j ACCEPT

answered Aug 8 at 14:27
– Adam Golebiowski
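
Why the position of the new ACCEPT rule matters, as an added example (not code from the question or the answer): a small shell model of iptables' first-match evaluation, run over constructed chains built from the commands on this page. The `verdict` function, the chain variable names and the client address 203.0.113.7 are assumptions made for the illustration; only `-s`, `--dport` and `-j` are modelled.

```shell
#!/bin/sh
# Added example: first-match evaluation of an INPUT chain whose rules are
# written like the page's commands. Models only -s, --dport and -j.

# verdict RULES SRC DPORT [POLICY]: print the target of the first rule that
# matches the packet, or POLICY (default ACCEPT) when no rule matches.
verdict() (
    set -f                                   # no globbing while word-splitting
    rules=$1 src=$2 dport=$3 policy=${4:-ACCEPT}
    while read -r line; do
        [ -n "$line" ] || continue
        want_src='' want_port='' target=''
        set -- $line
        while [ $# -gt 0 ]; do
            case $1 in
                -s)      want_src=$2;  shift ;;
                --dport) want_port=$2; shift ;;
                -j)      target=$2;    shift ;;
            esac
            shift
        done
        [ -z "$want_src" ]  || [ "$want_src" = "$src" ]    || continue
        [ -z "$want_port" ] || [ "$want_port" = "$dport" ] || continue
        echo "$target"; exit 0               # first match wins, stop here
    done <<EOF
$rules
EOF
    echo "$policy"
)

# Constructed chains, built from the commands on this page.
LOCKED='-A INPUT -p tcp -s 192.168.80.55 --dport 9043 -j ACCEPT
-A INPUT -j DROP'
# ACCEPT appended with -A: it sits after the catch-all DROP.
APPENDED="$LOCKED
-A INPUT -p tcp --dport 9043 -j ACCEPT"
# ACCEPT inserted with -I: it sits at the top of the chain.
INSERTED="-A INPUT -p tcp --dport 9043 -j ACCEPT
$LOCKED"

CLIENT=203.0.113.7                           # constructed test address
for name in LOCKED APPENDED INSERTED; do
    eval "chain=\$$name"
    echo "$name: $(verdict "$chain" "$CLIENT" 9043)"
done
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the real rule order to compare against.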



























             
