flushing iptables and avoiding losing remote access
Hi, I want to know if I run the following iptables script, I won't lose my SSH remote access. Can anyone confirm this is OK?
#!/bin/bash
#
# iptables example configuration script
#
# Flush all current rules from iptables
#
iptables -F
#
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
# Note: LOG_ACCEPT is not a built-in target; it must be a user-defined chain
# created earlier (for example one that logs and then accepts), otherwise
# these two commands fail and the SSH allow rules are never installed.
#
iptables -A INPUT -p tcp --dport 22 -s MY_HOME_IP_ADDRESS -j LOG_ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -d MY_HOME_IP_ADDRESS -j LOG_ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
# (the SSH rules above are added before the policies switch to DROP)
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP #cant trust users to behave
#
# Set access for localhost
#
iptables -A INPUT -i lo -j ACCEPT
Yes, that should work. In addition to the above script you're using, we strongly recommend that you set a cron job for the root user which has,
*/5 * * * * iptables -F
This will flush the iptables rules every 5 minutes, so even if you lock yourself out of the server due to a bad iptables rule, the rules will be flushed within 5 minutes and you should be able to gain entry via SSH.
This is a much better way of deploying iptables and retaining access in case of a mistake, especially when the server is miles away in a data center.
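As an added example (not from either post above): a script that builds a ruleset with the same intent as the question's script and applies it with a timed rollback, so a typo in a rule cannot cost remote access. It uses plain ACCEPT instead of the poster's LOG_ACCEPT chain, takes the admin IP as an argument, and assumes a 60-second confirmation window and the path /run/iptables-pending for the confirmation flag. Note that "iptables -F" removes rules but leaves the chain policies (here DROP) in place, which is why the rollback snapshots and restores the full ruleset with iptables-save/iptables-restore rather than flushing.

```shell
#!/bin/sh
# Added example: apply a restrictive ruleset with an automatic rollback.
# Assumptions: admin IP passed as $1, confirmation window in seconds as $2,
# confirmation flag file at /run/iptables-pending. Run as root.
set -eu

# Emit an iptables-restore ruleset matching the question's intent: default
# DROP everywhere, loopback allowed, SSH to/from the admin IP allowed.
# Unlike "iptables -F", a restore file also sets the chain policies.
build_rules() {
  admin_ip="$1"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -s ${admin_ip} -j ACCEPT
-A OUTPUT -p tcp --sport 22 -d ${admin_ip} -j ACCEPT
COMMIT
EOF
}

# Snapshot the live ruleset, load the new one, and revert to the snapshot
# after $2 seconds unless the admin has removed the pending flag in the
# meantime (i.e. unless the new rules were confirmed from a working session).
apply_with_rollback() {
  admin_ip="$1"; window="$2"
  pending=/run/iptables-pending
  snapshot=$(mktemp)
  iptables-save > "$snapshot"
  build_rules "$admin_ip" | iptables-restore
  touch "$pending"
  (
    sleep "$window"
    if [ -e "$pending" ]; then
      iptables-restore < "$snapshot"   # nobody confirmed: roll back
      rm -f "$pending"
    fi
    rm -f "$snapshot"
  ) &
  echo "Rules applied; run 'rm $pending' within ${window}s to keep them."
}

# Usage (constructed example, not run here):
#   apply_with_rollback 203.0.113.5 60
```

The iptables package also ships iptables-apply, which performs the same confirm-or-revert procedure for a ruleset file.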