Today, we accidentally ran the iptables -F command remotely on a stepping stone (jump host, RHEL5), which interrupted all maintenance work that goes through that stepping stone. The direct consequence was that a monitor, mouse, and keyboard had to be connected to the machine in the data center to fix it. View the iptables status:
[root@RHEL5 iptables]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@RHEL5 iptables]#
[root@RHEL5 iptables]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Running the iptables.sh script restores normal operation. The content of iptables.sh is as follows:
[root@RHEL5 iptables]# cat iptables.sh
#!/bin/bash
# Enable IPv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
###################################
# Load the netfilter modules
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
###################################
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle
###################################
# Default-deny inbound traffic, then accept only these two source addresses
iptables -P INPUT DROP
iptables -A INPUT -s 10.200.2.52 -j ACCEPT
iptables -A INPUT -s 10.200.51.202 -j ACCEPT
[root@RHEL5 iptables]# sh iptables.sh
Check the running status of iptables:
[root@RHEL5 iptables]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  10.200.2.52          anywhere
ACCEPT     all  --  10.200.51.202        anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Note the following when executing iptables -F:
1. -F only clears the rules in the chains; it does not affect the default policy set by -P.
2. After -P is set to DROP, be careful when using -F!!!
3. If no chain name is specified, all rules in all chains of a table are cleared by default.
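
Notes 1 and 2 can be turned into a pre-flight check. The following is an added example, not part of the original post: it parses `iptables -L -n` output for chains whose default policy is DROP and refuses to flush while any exist. The function names, the `IPTABLES` and `FORCE` variables and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): a guard around `iptables -F`.

# Read `iptables -L -n` output on stdin and print every chain whose
# default policy is DROP (header lines look like "Chain INPUT (policy DROP)").
drop_policy_chains() {
    awk '$1 == "Chain" && $3 == "(policy" && $4 ~ /^DROP/ { print $2 }'
}

# Constructed sample listing, modelled on the rule set shown in the post.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  10.200.2.52          0.0.0.0/0
ACCEPT     all  --  10.200.51.202        0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

# Hypothetical wrapper: flush only when no chain defaults to DROP, because
# -F removes the ACCEPT rules but leaves the -P policy in place.
# IPTABLES overrides the binary (useful for dry runs); FORCE=1 skips the guard.
safe_flush() {
    ipt=${IPTABLES:-/sbin/iptables}
    chains=$("$ipt" -L -n | drop_policy_chains)
    if [ -n "$chains" ] && [ "${FORCE:-0}" != "1" ]; then
        echo "refusing to flush: policy DROP on: $(echo $chains)" >&2
        echo "run '$ipt -P <chain> ACCEPT' first, or set FORCE=1" >&2
        return 1
    fi
    "$ipt" -F
}
```

Calling `safe_flush` instead of `iptables -F` on a remote session returns non-zero and leaves the rules untouched while INPUT still defaults to DROP.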