    Clear iptables Rules

    Recover from firewall lockout by resetting iptables rules

    Locked Out by Firewall?

    If you find yourself unable to reach your VPS, but able to reach other parts of our network, you may have accidentally blocked yourself with iptables firewall rules.

    Common Lockout Scenarios

    • Accidentally blocked SSH port (22)
    • Set a DROP policy without allowing your IP
    • Misconfigured firewall rules
    • Applied rules without testing first

    Method 1: Using VNC Console (Recommended)

    The safest way to clear iptables rules is through VNC console access:

    Steps

    1. Log into your SolusVM Control Panel
    2. Click on "Console" or "VNC" to access the VNC console
    3. Log in with your root credentials
    4. Clear all iptables rules (see commands below)
    5. Verify you can connect via SSH again

    Commands to Clear iptables

    Quick Clear (Flush All Rules)

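    # Set default policies to ACCEPT first, so that flushing the rules
    # cannot leave a DROP policy in place with no allow rules behind it
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    
    # Flush all rules (-F) and delete user-defined chains (-X)
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X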

    Complete Reset Script

    You can create a script to completely reset iptables:

    #!/bin/bash
    # Save as reset-iptables.sh
    
    echo "Flushing all iptables rules..."
    
    # Set default policies to ACCEPT first, so that flushing the rules
    # cannot leave a DROP policy in place with no allow rules behind it
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    
    # Flush all rules (-F) and delete user-defined chains (-X) in every table
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t raw -F
    iptables -t raw -X
    
    echo "iptables rules cleared!"
    echo "Current rules:"
    iptables -L -v -n

    Make it executable and run it:

    chmod +x reset-iptables.sh
    ./reset-iptables.sh

    Method 2: Reboot (Temporary Fix)

    If your iptables rules are not set up to persist across reboots, you can simply reboot your VPS from SolusVM. This will clear the rules until you apply them again.

    Note

    This only works if you haven't made the rules persistent with iptables-save or the iptables-persistent package.

    Verifying Rules are Cleared

    After clearing rules, verify they're gone:

    # List all rules
    iptables -L -v -n
    
    # Check default policies (-n skips reverse DNS lookups, which can stall on a firewalled host)
    iptables -L -n | grep policy

    Preventing Future Lockouts

    1. Always Allow Your IP First

    # Allow your IP address before setting DROP policy
    iptables -A INPUT -s YOUR_IP_ADDRESS -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT

    2. Test Rules Before Making Persistent

    Apply rules temporarily first and test. If you get locked out, a reboot will restore access (if rules aren't persistent).

    3. Use a Safety Script

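    Create a script that automatically clears iptables after 5 minutes unless you cancel it. This assumes the reset script above is saved as /root/reset-iptables.sh and that the at daemon (atd) is installed and running:

    # Apply your rules
    ./apply-firewall-rules.sh
    
    # Set auto-clear in 5 minutes (at prints the job number when it queues the job)
    at now + 5 minutes <<EOF
    /root/reset-iptables.sh
    EOF
    
    # If everything works, cancel the reset (atq lists pending job numbers):
    atrm [job_number]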
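
A variant of the safety script above, as an added example that is not part of the original page: instead of clearing the firewall on timeout, it snapshots the working ruleset and restores it unless the change is confirmed from a new SSH session. The function name `apply_with_rollback`, the `IPT_SAVE` / `IPT_RESTORE` override variables and the confirm file `/root/firewall-ok` are assumptions made for this example.

```bash
#!/bin/bash
# Added example: apply firewall rules, roll back unless confirmed in time.
# IPT_SAVE / IPT_RESTORE are assumed override hooks (not standard variables);
# they default to the real iptables-save / iptables-restore tools.
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"

# apply_with_rollback APPLY_CMD [TIMEOUT_SECONDS] [CONFIRM_FILE]
# Returns 0 if the new rules were kept, 1 if rolled back, 2 if no snapshot.
apply_with_rollback() {
    local apply_cmd timeout confirm backup waited
    apply_cmd="$1"
    timeout="${2:-300}"
    confirm="${3:-/root/firewall-ok}"
    waited=0
    backup="$(mktemp)" || return 2
    rm -f "$confirm"                      # a stale file must not auto-confirm

    # Snapshot the known-good ruleset before touching anything.
    if ! "$IPT_SAVE" > "$backup"; then
        rm -f "$backup"
        return 2
    fi

    # Apply the new rules; if that succeeds, wait for confirmation.
    if "$apply_cmd"; then
        echo "From a NEW SSH session run: touch $confirm (within ${timeout}s)"
        while [ "$waited" -lt "$timeout" ]; do
            if [ -e "$confirm" ]; then
                rm -f "$confirm" "$backup"
                return 0
            fi
            sleep 1
            waited=$((waited + 1))
        done
    fi

    # Apply failed or nobody confirmed: put the snapshot back.
    "$IPT_RESTORE" < "$backup"
    rm -f "$backup"
    return 1
}

# Example (as root, ideally inside screen/tmux or with nohup):
#   apply_with_rollback ./apply-firewall-rules.sh 300
```

Confirming from a new session matters because an already-established SSH connection can keep working under rules that block new ones.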

    4. Keep VNC Console Handy

    Always know how to access your VNC console before experimenting with firewall rules.

    Recommended Firewall Tools

    Consider using these tools instead of raw iptables:

    UFW (Uncomplicated Firewall)

    Simple firewall management for Ubuntu/Debian

    firewalld

    Dynamic firewall manager for CentOS/RHEL

    CSF (ConfigServer Firewall)

    Feature-rich firewall with web interface

    These tools have safety features to prevent lockouts.