
Script to flush iptables in Ubuntu

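If you have broken your iptables configuration, you can reset it with the following script. It sets every default policy to ACCEPT and deletes all rules and custom chains, which leaves the machine with no packet filtering until you load new rules. This is also good for removing internet connection sharing (ICS).
For the reset to be fully effective, first delete any custom start-up iptables scripts, since they can reapply their rules.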

Let's make the flush script:

sudo nano /etc/init.d/flush_script


Paste in the following:

#!/bin/sh
#
# rc.flush-iptables - Resets iptables to default values.
#
# Copyright (C) 2001 Oskar Andreasson
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
#
# Configurations
#
IPTABLES="/usr/sbin/iptables"
#
# reset the default policies in the filter table.
#
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
#
# reset the default policies in the nat table.
#
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
#
# reset the default policies in the mangle table.
#
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
#
# flush all the rules in the filter, nat and mangle tables.
#
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
#
# erase all non-default chains in the filter, nat and mangle tables.
#
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X


Make the file executable:

sudo chmod +x /etc/init.d/flush_script


Run it:

sudo /etc/init.d/flush_script
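
A variant of the same reset that looks for the iptables binary instead of hard-coding /usr/sbin/iptables, and saves the current ruleset with iptables-save before flushing. This is an added example, not part of the original script; SEARCH_DIRS, BACKUP_DIR, the function names and the --apply flag are assumptions, and it assumes iptables-save and iptables-restore sit next to iptables.

```shell
#!/bin/sh
# Added example, not the original rc.flush-iptables. SEARCH_DIRS, BACKUP_DIR
# and all function names are assumptions made for this example.
SEARCH_DIRS="${SEARCH_DIRS:-/usr/sbin /sbin}"
BACKUP_DIR="${BACKUP_DIR:-/root}"

# Print the first executable iptables found in SEARCH_DIRS; fail if none.
find_iptables() {
    for dir in $SEARCH_DIRS; do
        [ -x "$dir/iptables" ] && { echo "$dir/iptables"; return 0; }
    done
    return 1
}

# Built-in chains per table, the same lists the script above resets.
builtin_chains() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING POSTROUTING OUTPUT" ;;
        mangle) echo "PREROUTING POSTROUTING INPUT OUTPUT FORWARD" ;;
        *)      return 1 ;;
    esac
}

# Print one iptables argument list per line. Policies go to ACCEPT before
# the flush so a DROP policy cannot cut off a remote session midway.
flush_plan() {
    for table in filter nat mangle; do
        for chain in $(builtin_chains "$table"); do
            echo "-t $table -P $chain ACCEPT"
        done
        echo "-t $table -F"
        echo "-t $table -X"
    done
}

# Save the live ruleset (root-only file), then apply the plan. Needs root.
flush_all() {
    ipt=$(find_iptables) || { echo "iptables not found in: $SEARCH_DIRS" >&2; return 1; }
    backup="$BACKUP_DIR/iptables-$(date +%Y%m%d-%H%M%S).rules"
    ( umask 077; "${ipt}-save" > "$backup" ) || return 1
    echo "Saved rules to $backup; restore with: ${ipt}-restore < $backup"
    flush_plan | while read -r args; do "$ipt" $args || exit 1; done
}

# Apply only on request, so sourcing or testing the file changes nothing.
if [ "${1:-}" = "--apply" ]; then flush_all; fi
```

Run it as root with --apply; without the flag it only defines the functions.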


Resources: maruhn.com

4 comments:

Scott said...

The script does not work on Ubuntu Server 12.04!!!
Thank You
Scott....

Speedy Gonzales said...

Well, I've tested it on Ubuntu server 10.10 and it worked. It should also work on Ubuntu Server 12.04, but I've not tested it yet.

allanregistos said...

@Scott, if the error is:
/etc/init.d/flush_script: 27: /etc/init.d/flush_script: /usr/sbin/iptables: not found
Then run this command:
sudo ln -s /sbin/iptables /usr/sbin/iptables
And run the script again. I hope it will work for you.

I installed iRedmail and it messed up the iptables. Uninstalled iRedmail but the iptables was not updated to default. I cannot connect anymore to port 5432 (postgres), I managed to connect to port 22 but to no avail at 5432.

Speedy Gonzales said...

By default, Ubuntu has no restrictions as I remember (until Ubuntu 10.04 at least).
