Re: What is the best way to turn off the iptables





On Thu, Jul 5, 2012 at 10:06 PM, Brian <ad44@cityscape.co.uk> wrote:
> On Thu 05 Jul 2012 at 23:02:19 +0800, lina wrote:
>
> > Chain INPUT (policy DROP)
> > target     prot opt source               destination
> >
> > Chain FORWARD (policy DROP)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Seems it dropped all. I can't even connect to the internet.
>
> You've been playing with ufw, haven't you? Purge it to get a sane policy.




You could always flush/remove all the rules, but my suggestion is to understand why it is blocking you.
You could do that with

iptables -L -vn

This prints the packet stats against each rule.
Another handy tool is netcat. Combining both of these, you could easily debug an iptables scenario.
For example, to see your loopback scenario, do the following in two shells:

shell1: nc -l -p 5000 # listen on port 5000
shell2: echo 'hello' | nc 127.0.0.1 5000 # send something to loopback port 5000

The message should be printed on shell1, and if you type something on shell1 it should come back to shell2 also.

Whether it comes through or not, analyze the packet stats and see which rule's count has increased.


--
http://saurorja.org
Twitter: @anand_sivaram
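
The counter comparison suggested in the reply above, as an added example that is not part of the original message: it compares two saved listings taken before and after the netcat test and names the policy or rule whose packet count grew. The function name `counter_diff`, the use of `iptables -L -vnx` (`-x` keeps counters exact) and the sample listings are assumptions made here; the listings are constructed.

```sh
#!/bin/sh
# counter_diff BEFORE AFTER
# Print every chain policy and rule whose packet counter grew between two
# saved listings of `iptables -L -vnx` (-x keeps counters exact, no K/M suffix).
counter_diff() {
    awk '
    function note(key, count) {
        if (pass == 1) seen[key] = count + 0
        else if (count + 0 > seen[key]) printf "%s +%d\n", key, count - seen[key]
    }
    FNR == 1 { pass++ }
    /^Chain / {
        chain = $2; n = 0
        # Built-in chains read "Chain INPUT (policy DROP 4 packets, 240 bytes)"
        if ($3 == "(policy") note(chain " policy " $4, $5)
        next
    }
    # Rule lines start with the packet counter: pkts bytes target prot ...
    $1 ~ /^[0-9]+$/ { n++; note(chain " rule " n " " $3, $1) }
    ' "$1" "$2"
}

# Constructed sample listings (not from the thread): one saved before and one
# after the loopback netcat test, on a host whose INPUT policy is DROP.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
Chain INPUT (policy DROP 4 packets, 240 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      10      600 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 30 packets, 1800 bytes)
    pkts      bytes target     prot opt in     out     source               destination
EOF
sed -e 's/DROP 4 packets, 240/DROP 7 packets, 420/' \
    -e 's/ACCEPT 30 packets, 1800/ACCEPT 33 packets, 1980/' "$tmp/before" > "$tmp/after"

counter_diff "$tmp/before" "$tmp/after"
```

On a live system the two files would come from running `iptables -L -vnx > file` as root before and after the test; a growing INPUT policy counter means no rule matched the packet and the default policy handled it.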


