#!/bin/bash
# If you used the startfw which I wrote, this script will stop it, i.e.,
# it flushes all the chains in iptables and unloads the ip* modules from kernel
# I (Jan Labanowski, jkl@ccl.net) took it from (I believe) Dirk Bartley's
# presentation at http://www.kalamazoolinux.org/presentations/
# Namely, the actual file was:
# http://www.kalamazoolinux.org/presentations/20010417/flush
#
# When you want to stop the firewall just type
# ./flushfw.sh
# I assume that on a production machine this script will reside in
# /usr/sbin/ and will be readable/writable/executable only by root (mode 700).
# I also use this script in the /etc/rc.d/init.d/iptables-jkl script
# which starts iptables on boot.
#
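# Path is hard-coded on purpose (not taken from the environment or PATH):
# this runs as root, and an env-overridable binary path would let a caller
# substitute another program.  On newer distributions iptables may live in
# /usr/sbin instead; adjust here if so.
IPTABLES=/sbin/iptables
readonly IPTABLES
# Upper bound on rmmod rounds; see unload_ip_modules.
readonly MAX_RMMOD_ROUNDS=10

# Unset variables are errors.  Deliberately NO 'set -e': this is a
# best-effort teardown, and one failing iptables/rmmod call (e.g. a table
# that is not loaded, a module still in use) must not stop the rest.
set -u

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# List loaded kernel modules whose name starts with "ip", one per line.
# Kept from the original script; NOTE that '^ip' is broader than netfilter
# (it also matches e.g. ipv6 or ipip, which usually refuse to unload) and
# narrower than a modern stack (nf_*/x_tables modules are not matched, so
# on such kernels the early "no modules" exit below may fire without any
# chains having been flushed -- verify on the target kernel).
# Outputs: module names on stdout (empty if none)
#######################################
ip_modules() {
  /sbin/lsmod | /bin/awk '{print $1}' | /bin/grep '^ip'
}

#######################################
# Reset one iptables table to a wide-open state: ACCEPT policy on the given
# built-in chains, flush every chain, delete all user-defined chains.
# Arguments: $1 - table name (filter, nat, mangle, ...)
#            $2.. - built-in chains whose policy is set to ACCEPT
# Outputs:   iptables diagnostics on stderr for chains/tables that do not exist
#######################################
reset_table() {
  local table=$1
  shift
  local chain
  for chain in "$@"; do
    "$IPTABLES" -t "$table" -P "$chain" ACCEPT
  done
  "$IPTABLES" -t "$table" -F
  "$IPTABLES" -t "$table" -X
}

#######################################
# Try to unload every ip* module.  Several rounds are needed because of
# module dependencies (ipt_* before ip_tables, etc.).  Unlike the original
# unbounded loop -- which never returned when a matched module such as
# ipv6 could not be unloaded -- this stops when nothing is left, when a
# round removes nothing, or after MAX_RMMOD_ROUNDS rounds.
# Globals:   MAX_RMMOD_ROUNDS (read)
# Outputs:   progress on stdout, leftovers on stderr
# Returns:   0 if all matched modules were removed, 1 if some remain
#######################################
unload_ip_modules() {
  local modules remaining
  local round=0
  modules=$(ip_modules)
  while [[ -n "$modules" ]]; do
    if (( round >= MAX_RMMOD_ROUNDS )); then
      printf 'Giving up after %d rounds; still loaded:\n%s\n' \
        "$round" "$modules" >&2
      return 1
    fi
    round=$((round + 1))
    printf 'Removing modules (round %d):\n%s\n' "$round" "$modules"
    # Word-splitting of the newline-separated list is intended here.
    # shellcheck disable=SC2086
    /sbin/rmmod $modules
    /bin/sleep 2
    remaining=$(ip_modules)
    if [[ "$remaining" == "$modules" ]]; then
      printf 'No progress; modules still in use, not unloaded:\n%s\n' \
        "$remaining" >&2
      return 1
    fi
    modules=$remaining
  done
  return 0
}

#######################################
# Entry point: open all policies, flush and delete chains on the filter,
# nat and mangle tables, then (optionally) disable forwarding and unload
# the ip* modules.  After this the host has NO packet filtering.
# Returns:   0 on success; 1 if not root, iptables is missing, or modules
#            could not be unloaded
#######################################
main() {
  # Without root every iptables/rmmod call below would just fail and the
  # script would report nothing useful; fail loudly up front instead.
  (( EUID == 0 )) || die "${0##*/}: must be run as root"
  [[ -x "$IPTABLES" ]] || die "${0##*/}: $IPTABLES not found or not executable"

  if [[ -z "$(ip_modules)" ]]; then # if no ip modules
    printf '%s\n' 'No iptables modules found in kernel'
    exit 0
  fi

  # Flush everything and remove iptables modules.
  reset_table filter INPUT OUTPUT FORWARD
  reset_table nat PREROUTING OUTPUT POSTROUTING
  # Only the two mangle chains of the kernel this was written for are reset.
  # Newer kernels also have INPUT/FORWARD/POSTROUTING in mangle, plus the raw
  # and security tables; none of those are touched here.
  reset_table mangle PREROUTING OUTPUT

  # Not required for stopping the firewall:
  # stop forwarding and remove all the iptables modules.
  printf '0\n' > /proc/sys/net/ipv4/ip_forward
  unload_ip_modules
}

main "$@"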