- 04-28-2008 #1 Just Joined!
- Join Date
- Apr 2005
- Posts
- 4
IPTABLES -F -- issue/ Question
Hi,
Sometimes when I type in IPTABLES -F while logged in using SSH, I get kicked out. Then I can't log back in until I reset the network services.
When I go to the actual console of the Debian box, I can't ping anything, including the eth0 interface.
Does anyone know why this occurs? Am I using the wrong command to flush the iptables?
A little information about the system:
Linux version 2.6.18.xs4.0.1.900.5799 (root@beefy-2) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #2 SMP Mon Aug 13 13:56:47 UTC 2007
This once occurred in the past on a Red Hat box I was using also.
Thank you
- 04-28-2008 #2
You are not supposed to do flushing when you are logged in.
Btw, why do you want to flush iptables?
- 04-28-2008 #3 Just Joined!
- Join Date
- Apr 2005
- Posts
- 4
When I am testing networking issues, I want to rule out the firewall as being a problem. So I flush the iptables (instead of stopping it).
I worked out that when I run my own iptables script, then straight after I type in IPTABLES -F, it stops working. My network connection drops. I can't even get it to ping itself.
To get it working again, I have to reset the services, or type in
iptables --policy INPUT ACCEPT
Tell me if I am wrong, but I guess when I do an iptables -f, it flushes everything in the iptables, including any rules that state to accept traffic.
It is like a Cisco ACL, when you put an ACL on an interface, there is an implicit deny. So you have to permit traffic.
- 04-28-2008 #4 Just Joined!
- Join Date
- Apr 2008
- Location
- Sheffield, UK
- Posts
- 7
Hi,
You have a DROP policy for INPUT. This will not be flushed as it is technically not a rule as such. I'm assuming you have rules to allow connections for things like SSH. When you flush those rules, you DROP everything as there are no longer ACCEPT rules.
:INPUT DROP ---- this won't get flushed, it will stay the same.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20243:2705974]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
The 2 above rules WILL get flushed, denying you access.
Col.
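
An added example, not part of any post in this thread: a shell check for the behaviour described in post #4, where `iptables -F` removes the rules but leaves the chain policy in place. The function names and the sample ruleset are constructed for illustration, and the input is assumed to be in `iptables-save` format.

```shell
#!/bin/sh
# Constructed sample in iptables-save format, modelled on the ruleset in post #4.
SAMPLE_RULESET='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20243:2705974]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Read iptables-save text on stdin and print every built-in chain of the
# filter table whose policy is not ACCEPT. "iptables -F" with no -t option
# flushes only the filter table; once the rules are gone the policy alone
# decides, so each chain listed here will discard all of its traffic.
# User-defined chains carry "-" instead of a policy and are skipped.
chains_dropping_after_flush() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && /^:/ && $2 != "ACCEPT" && $2 != "-" {
            print substr($1, 2) " " $2
        }
    '
}

# Exit status 0 when inbound traffic (including the SSH session) would
# survive a flush, i.e. the INPUT policy is ACCEPT.
flush_keeps_input_open() {
    ! chains_dropping_after_flush | grep -q '^INPUT '
}

# Flush the filter table without cutting off the current session: set the
# policies to ACCEPT first, then flush. Needs root and leaves the host
# unfiltered until the ruleset is reloaded, so it is only defined here
# and never called by this script.
flush_filter_safely() {
    for chain in INPUT FORWARD OUTPUT; do
        iptables -P "$chain" ACCEPT || return 1
    done
    iptables -F
}

# Demonstration on the constructed sample; prints: INPUT DROP
printf '%s\n' "$SAMPLE_RULESET" | chains_dropping_after_flush
```

On a live system the same check is `iptables-save | chains_dropping_after_flush`, run as root before flushing.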


