Help with IPtables causing disconnection and blocking

January 3, 2016 1.1k views
Security Networking CentOS

For some reason my iptables rules are causing problems for yum. Even stranger, when I run "iptables -F" to flush the chain, it disconnects me and refuses connections on any port from any IP address. After a forced reboot from the control panel, it allows me to reconnect.

Chain INPUT (policy DROP)
ACCEPT TCP DPT:80
ACCEPT TCP DPT:21

Chain FORWARD (policy DROP)

Chain OUTPUT (policy ACCEPT)

1 comment
  • Thanks guys, one last thing

    It appears iptables are blocking DNS requests to 8.8.8.8 and the other DNS servers.

    Am I right in saying this is port 53 on UDP?

2 Answers

By running iptables -F you are 'flushing' the rules, not affecting the default policy. In your case, it is set to 'DROP' which means that, now that all the rules are gone, all packets will be dropped.

You'd want to run iptables -X afterwards to reset everything else to the defaults. So

iptables -F
iptables -X

should allow everything to go through.
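The order of operations is what matters here. `iptables -F` removes the rules but leaves the chain policies alone, and `iptables -X` only deletes user-defined chains (and only empty ones, which is why it has to run after `-F`); neither command touches the built-in INPUT policy, so a policy of DROP survives both and every packet is still dropped. The script below is an added example for this thread, not the answerer's commands: it sets every built-in policy to ACCEPT first and only then flushes, so a reset can never lock you out. It assumes it is run as root on the CentOS host; the `reset` and `dry-run` sub-commands are this script's own, not iptables options.

```shell
#!/bin/sh
# safe-reset.sh: reset iptables without locking yourself out.
# Added example for this thread, not the answerer's script. Assumes it is run
# as root on the CentOS host; "reset" and "dry-run" are this script's own
# sub-commands, not iptables options.

# Tables to reset. raw/security are left alone; add them if you use them.
TABLES="filter nat mangle"

# Built-in chains of each table. They cannot be deleted with -X, only have
# their policy changed with -P, so the policy is where the lock-out comes from.
builtin_chains() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle) echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        *)      echo "unknown table: $1" >&2; return 1 ;;
    esac
}

safe_reset() {
    local table chain
    for table in $TABLES; do
        # 1. Open the policies first. A bare "iptables -F" skips this step,
        #    leaves the INPUT policy at DROP and drops every packet.
        for chain in $(builtin_chains "$table"); do
            iptables -t "$table" -P "$chain" ACCEPT
        done
        # 2. Now flushing the rules cannot take away anything that mattered.
        iptables -t "$table" -F
        # 3. -X deletes user-defined chains, and only empty ones, which is
        #    why it must follow -F. It never touches the built-in policies.
        iptables -t "$table" -X
        # 4. Zero the packet and byte counters.
        iptables -t "$table" -Z
    done
}

case "${1:-}" in
    reset)
        safe_reset ;;
    dry-run)
        # Shadow the iptables binary with a function that prints the call,
        # so the exact command sequence can be reviewed before running it.
        iptables() { printf 'iptables %s\n' "$*"; }
        safe_reset ;;
esac
```

Run `sh safe-reset.sh dry-run` first to see the 21 commands it would issue (policies before flush, for each table), then `sudo sh safe-reset.sh reset` over SSH. Because the policies are opened before anything is removed, the connection you are typing on is never dropped. Note that this leaves the host with no filtering at all, so it is a recovery step, not a configuration.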

What errors do you get when you try to use yum with your IPTables rules enabled? Can you post the output of:

sudo iptables -L -n
sudo iptables-save

I would personally change the default policy to ALLOW, then append a DROP at the end of your INPUT chain, so that in cases like the one you described, flushing the rules doesn't lock you out.

I would also add a couple of rules at the front of your INPUT chain, so your iptables-save output looks like the one below:

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
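The first rule in that list is also the answer to the DNS question in the comment above. A query to 8.8.8.8 leaves on OUTPUT (policy ACCEPT) and the reply comes back from UDP port 53 to an ephemeral port; with an INPUT policy of DROP and only ports 80 and 21 accepted, that reply is dropped, which is why yum cannot resolve mirrors. Connection tracking follows UDP flows as well as TCP, so the RELATED,ESTABLISHED rule admits those replies without any separate inbound port-53 rule. The script below is an added example for this thread, not the answerer's code: it loads the answer's ruleset atomically with iptables-restore, rolls it back on its own unless you confirm, and lints a ruleset for the shape that caused the lock-out (INPUT policy DROP, no conntrack rule first, no explicit final DROP). The file paths, the 60-second grace period and the `lint`/`apply`/`confirm` sub-command names are assumptions.

```shell
#!/bin/sh
# apply-rules.sh: load the answer's ruleset atomically, roll it back on its
# own unless confirmed, and lint any ruleset for the lock-out pattern from
# the question. Added example for this thread, not the answerer's script.
# The file paths, the grace period and the sub-command names are assumptions.

BACKUP="${BACKUP:-/var/tmp/iptables.rollback}"
SAVED="${SAVED:-/etc/sysconfig/iptables}"   # assumed location read by the iptables service at boot
GRACE="${GRACE:-60}"                        # seconds until automatic rollback

# The second answer's INPUT chain in iptables-save format. Policy ACCEPT plus
# an explicit final DROP means a stray "iptables -F" fails open rather than
# cutting you off. Lines starting with '#' are ignored by iptables-restore.
ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections this host opened (yum over HTTP, DNS queries to
# 8.8.8.8 on UDP 53) match here, so no separate inbound port-53 rule is needed.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Read an iptables-save style ruleset on stdin and reject the shape that
# locked the questioner out: an INPUT policy of DROP, an INPUT chain that does
# not start by accepting RELATED,ESTABLISHED traffic (which silently breaks
# DNS and yum), or one without an explicit final DROP.
lint_rules() {
    local text first last
    text=$(cat)
    if ! printf '%s\n' "$text" | grep -q '^:INPUT ACCEPT '; then
        echo "lint: INPUT policy must be ACCEPT, a flush would otherwise drop everything" >&2
        return 1
    fi
    first=$(printf '%s\n' "$text" | grep '^-A INPUT ' | head -n 1)
    last=$(printf '%s\n' "$text" | grep '^-A INPUT ' | tail -n 1)
    case "$first" in
        *"--state RELATED,ESTABLISHED -j ACCEPT"|*"--ctstate RELATED,ESTABLISHED -j ACCEPT") ;;
        *) echo "lint: first INPUT rule must accept RELATED,ESTABLISHED" >&2; return 1 ;;
    esac
    case "$last" in
        *"-j DROP") ;;
        *) echo "lint: last INPUT rule must be an explicit DROP" >&2; return 1 ;;
    esac
}

apply_with_rollback() {
    iptables-save > "$BACKUP"            # 1. keep the live rules
    ruleset | iptables-restore           # 2. all-or-nothing load of the new set
    # 3. If nobody confirms, put the old rules back. Being locked out for
    #    $GRACE seconds is recoverable; being locked out until a reboot is not.
    ( sleep "$GRACE" && iptables-restore < "$BACKUP" ) &
    echo $! > "$BACKUP.pid"
    echo "loaded; run '$0 confirm' within ${GRACE}s or the old rules return"
}

confirm() {
    kill "$(cat "$BACKUP.pid")" && rm -f "$BACKUP.pid"
    iptables-save > "$SAVED"             # persist across reboots
}

case "${1:-}" in
    lint)    lint_rules ;;                                 # ruleset on stdin
    apply)   ruleset | lint_rules && apply_with_rollback ;;
    confirm) confirm ;;
esac
```

Usage over SSH: `sudo sh apply-rules.sh apply`, check that the session still works and that `yum check-update` resolves mirrors, then `sudo sh apply-rules.sh confirm`; if the session dies instead, wait out the grace period and the previous rules return. Two caveats: the ACCEPT-policy-plus-final-DROP layout the answer recommends fails open on a flush, which is exactly the trade-off being made, so the rollback timer is what protects you while you are changing rules deliberately. And `-m state` still works but is the older spelling of `-m conntrack --ctstate`; the lint accepts either.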