Léa,

On 10/28/14 9:55 AM, Léa Massiot wrote:
> Christopher Schultz-2 wrote
>> A bit of warning: when modifying iptables, you need to be very
>> careful that you don't wipe-out any rules that allow you to gain
>> remote access to the server. For instance, if you have a default
>> rule to DROP all packets and an exception that allows port 22
>> (ssh) traffic, then flushing all the rules in a table can make it
>> impossible for you to revert the change without remote-rebooting
>> (or, worse yet, paying someone to walk into the cage and push the
>> reset button).
>
> Yes right, fortunately I wasn't working on a remote machine.
>
> On Debian Wheezy, the following set of commands actually disables
> the firewall:
> -------------------------------------------------------
> iptables -F
> iptables -X
> iptables -t nat -F
> iptables -t nat -X
> iptables -t mangle -F
> iptables -t mangle -X
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> -------------------------------------------------------

You don't need that much complexity. Usually, OUTPUT is left mostly
unconstrained so you only need to adjust INPUT. You should set up an
exception to INPUT instead of actually flushing the whole table.

-chris
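
Added example, not part of the original messages: the lockout described in the quoted warning happens because `iptables -F` deletes a chain's rules but leaves its policy in place. The function below reads `iptables-save` text and reports filter chains that a flush would leave as DROP-all; the function name `flush_lockout_risk` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check to run before `iptables -F` (added example).
# Reads `iptables-save` text on stdin. Flushing removes rules but keeps each
# chain's policy, so a filter chain with policy DROP drops everything afterwards.
# Exit status: 0 = INPUT stays reachable after a flush, 1 = INPUT becomes DROP-all.
flush_lockout_risk() {
    awk '
        /^\*/ { table = substr($1, 2); next }        # "*filter", "*nat", ...
        table != "filter" { next }                   # only filter decides reachability
        /^:/  { policy[substr($1, 2)] = $2; next }   # ":INPUT DROP [0:0]"
        /^-A / && / -j ACCEPT( |$)/ { accepts[$2]++ } # exceptions a flush would delete
        END {
            n = split("INPUT FORWARD OUTPUT", chains, " ")
            for (i = 1; i <= n; i++) {
                c = chains[i]
                if (policy[c] == "DROP") {
                    printf "%s: policy DROP, %d ACCEPT rule(s) removed by -F\n", c, accepts[c]
                    if (c == "INPUT") risk = 1
                }
            }
            exit risk + 0
        }
    '
}

# Constructed sample (not from the thread): default-DROP INPUT with an ssh exception.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | flush_lockout_risk ||
    echo "INPUT would drop everything after a flush: add an exception instead"
```

On a live host the input would come from `iptables-save | flush_lockout_risk`, run as root.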