LinuxQuestions.org

Linux - Security: How can I permanently delete all iptables rules? (https://www.linuxquestions.org/questions/linux-security-4/how-can-i-permanently-delete-all-iptables-rules-4175549968/)

Altiris 08-05-2015 05:08 PM

How can I permanently delete all iptables rules?
 
I'm not in the mood for "why". I just want to know if there is a way to completely, permanently remove every single rule that has been added into iptables. If so, what is the command, as I really need it. I have tried iptables -F, -Z, -X, whatever it is; nothing seems to permanently remove it.

Thank You!

Habitual 08-05-2015 05:29 PM

Code:

iptables -F
iptables -X

done.
You said "it". Clarify that please.

Altiris 08-05-2015 05:40 PM

Quote:

Originally Posted by Habitual (Post 5401508)
Code:

iptables -F
iptables -X

done.
You said "it". Clarify that please.

Oh, by it I meant all of the rules. I've tried iptables -F and iptables -X, but I'll try again. Well, it works, that much I know. However, when I try to restore my rules back using a config file, it puts back rules that had been previously added by an automated program (libvirt), even if I clear it from the file. The command I use to restore is iptables-restore </etc/firewall.rules and then I do iptables-save >/etc/firewall.rules. I will try it all again though.

EDIT: I guess I just can't use the iptables-save command anymore as it puts back the stuff from libvirt. Guess I can only use iptables-restore... that stinks. iptables is really wonky.

astrogeek 08-05-2015 05:58 PM

Quote:

Originally Posted by Altiris (Post 5401513)
Oh, by it I meant all of the rules. I've tried iptables -F and iptables -X, but I'll try again. Well, it works, that much I know. However, when I try to restore my rules back using a config file, it puts back rules that had been previously added by an automated program (libvirt), even if I clear it from the file. The command I use to restore is iptables-restore </etc/firewall.rules and then I do iptables-save >/etc/firewall.rules. I will try it all again though.

EDIT: I guess I just can't use the iptables-save command anymore as it puts back the stuff from libvirt. Guess I can only use iptables-restore... that stinks. iptables is really wonky.

Well, when you do iptables-save > /etc/firewall.rules you overwrite your original rules with whatever is in the tables at that time. When you then use that file with iptables-restore you reload them just like it was when saved - additional rules included. Whatever was originally in /etc/firewall.rules is... gone...

If you want to keep your original firewall rules intact, then try...

Code:

iptables-save >/etc/firewall.saved.rules
iptables-restore </etc/firewall.saved.rules

AND usually at boot or to put back to known state...

/etc/rc.d/rc.firewall start, which likely loads /etc/firewall.rules as a shell script

Generally, the iptables-save/-restore format is not the same as a firewall script used to initialize iptables, which is commonly /etc/firewall.rules, so overwriting that file with iptables-save will likely break your boot firewall script.

So to permanently delete any runtime added rules you must have the original iptables rules script available to run after iptables -F.

Altiris 08-05-2015 06:25 PM

Quote:

Originally Posted by astrogeek (Post 5401519)
Well, when you do iptables-save > /etc/firewall.rules you overwrite your original rules with whatever is in the tables at that time. When you then use that file with iptables-restore you reload them just like it was when saved - additional rules included. Whatever was originally in /etc/firewall.rules is... gone...

If you want to keep your original firewall rules intact, then try...

Code:

iptables-save >/etc/firewall.saved.rules
iptables-restore </etc/firewall.saved.rules

AND usually at boot or to put back to known state...

/etc/rc.d/rc.firewall start, which likely loads /etc/firewall.rules as a shell script

Generally, the iptables-save/-restore format is not the same as a firewall script used to initialize iptables, which is commonly /etc/firewall.rules, so overwriting that file with iptables-save will likely break your boot firewall script.

So to permanently delete any runtime added rules you must have the original iptables rules script available to run after iptables -F.

Yeah, I just found this site https://www.frozentux.net/iptables-t...tml/x1882.html and it said to do pretty much the same thing. Your post helped me understand more though.

astrogeek 08-05-2015 06:33 PM

Quote:

Originally Posted by Altiris (Post 5401532)
Yeah, I just found this site https://www.frozentux.net/iptables-t...tml/x1882.html and it said to do pretty much the same thing. Your post helped me understand more though.

Great!

Just remember, iptables-save and iptables-restore allow you to save state and restore a saved state. Restore does NOT restore an initial non-saved state, which might be confusing you.

The initial state is generally set by a shell script using iptables -N/-A/-I commands and is what you should manage for setting known states.

Good luck!
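A minimal rc.firewall-style script of the kind astrogeek describes, added here as an example and not taken from the thread: it wipes every table (the -F/-X/-Z the original poster tried, but across filter, nat, mangle and raw, which is where tools like libvirt also put rules), resets the built-in policies, and then loads a known baseline from iptables -P/-A commands rather than from an iptables-save dump. The script path, the baseline rules and the IPT dry-run variable are assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical /etc/rc.d/rc.firewall (constructed example, not from the thread).
# Set IPT=echo to dry-run: the commands are printed instead of sent to the kernel.
IPT="${IPT:-iptables}"

# Wipe every rule, user-defined chain and counter in all four tables.  Doing only
# "iptables -F" touches the filter table; rules that daemons add to nat/mangle/raw
# survive it.  Policies are reset to ACCEPT so rebuilding cannot lock us out.
flush_all() {
    for table in filter nat mangle raw; do
        "$IPT" -t "$table" -F   # delete all rules in every chain of this table
        "$IPT" -t "$table" -X   # delete all empty user-defined chains
        "$IPT" -t "$table" -Z   # zero packet/byte counters
    done
    for chain in INPUT FORWARD OUTPUT; do
        "$IPT" -P "$chain" ACCEPT
    done
}

# Rebuild the known initial state.  This, not the iptables-save output, is the
# thing to maintain; any daemon that re-adds its own rules does so on top of it.
load_baseline() {
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT   # assumed: ssh is the one open service
}

case "${1:-}" in
    start|restart) flush_all; load_baseline ;;
    stop)          flush_all ;;                  # open firewall, nothing left over
    "")            ;;                            # no argument: only define functions
    *) echo "usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Running it with `IPT=echo sh rc.firewall start` shows every command it would issue, which is a cheap way to review the known state before trusting it at boot.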

