:: Re: [DNG] How to turn off the firew…
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Olaf Meeuwissen
日付:  
To: Federico Fanton
CC: dng
題目: Re: [DNG] How to turn off the firewall
Hi Federico,

Federico Fanton via Dng writes:

> On 22/02/21 16:29, Steve Litt wrote:
>
>> On a Devuan machine, how do I turn off the firewall entirely, so all
>> ports are accessible? I need to do this for experimentation, not as a
>> permanent thing.
>
> To completely reset the firewall, see this script:
>
> #!/usr/bin/env bash
> set -eu
> declare -A chains=(
>      [filter]=INPUT:FORWARD:OUTPUT
>      [raw]=PREROUTING:OUTPUT
>      [mangle]=PREROUTING:INPUT:FORWARD:OUTPUT:POSTROUTING
>      [security]=INPUT:FORWARD:OUTPUT
>      [nat]=PREROUTING:INPUT:OUTPUT:POSTROUTING
> )
> for table in "${!chains[@]}"; do
>      echo "${chains[$table]}" | tr : $"\n" | while IFS= read -r; do
>          iptables -t "$table" -P "$REPLY" ACCEPT
>      done
>      iptables -t "$table" -F
>      iptables -t "$table" -X
> done


Neat script that takes care of covering all the tables and their
respective routes. Too bad it doesn't cover IPv6 :-/
That's easily fixed though by replacing iptables with ip6tables and
rerunning it.

For nftables it's a lot easier

nft flush ruleset

will do the same. IIUC, that should even work for firewall configured
via iptables/ip6tables, provided you have nftables installed of course.

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join