Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : flushing iptables and avoiding losing remote access

[thegeezer3]

Hi I want to know if i run the following iptables script, i wont lose my ssh remote access. Can anyone confirm this is ok?

PHP Code:

#!/bin/bash
#
# iptables example configuration script
#
# Flush all current rules from iptables
#
 iptables -F
#
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
#
 iptables -A INPUT -p tcp --dport 22 -s MY_HOME_IP_ADDRESS -j  LOG_ACCEPT
 iptables -A OUTPUT -p tcp --sport 22 -d  MY_HOME_IP_ADDRESS -j LOG_ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#

 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT DROP #cant trust users to behave
#
# Set access for localhost
#
 iptables -A INPUT -i lo -j ACCEPT 


[eth1]

Yes, that should work. In addition to the above script you're using we strongly recommend that you set a cronjob for the root user which has,

*/5 * * * * iptables -F

This will flush the iptables rules after every 5 minutes so even if you lock out of the server due to a bad iptables rule, the rules will be flushed every 5 minutes and you should be able to gain entry via SSH.

This is a much better way of deploying iptables and retaining access in case of a mistake and when the server is miles away in a data center.