This command should be removed or come with a confirmation message before execution. Today, I wanted to turn my blacklist into a whitelist. The reason being that as I added new services, I didn't always remember to add new rules; as a result, I was exposing quite a number of potentially sensitive services.
Anyway, off I went, setting the default behaviour to drop all packets and then flushing the tables before adding in a whitelist. It seemed perfectly logical. The only thing I didn't factor in is that I was connected over SSH, and so I just locked myself out. A 30-minute job ended up taking almost half a day to complete (of course there were other problems as well).
Since I had not rebooted my server since the previous major update, I did not realise that initscripts had been removed, and so many services did not start at boot. Upon attaching a head to my server, it took me a while to fix a DHCP problem that the previous update had caused. I then rebooted and killed iptables, but surprisingly the ports were still not open. I did not realise it was because the services were not even running. So I went on a mad goose chase loading all sorts of configurations into iptables and even reinstalling iptables at one point in time. I even thought that the netfilter module might have been corrupted and loaded a fresh kernel.
It seemed quite natural to me that SSH and httpd would load at boot, so I didn't check ps. Anyway, it was much later before I realised the problem. I will carry on with a blacklist for now; too risky to default drop, lest I get locked out again in a couple of months' time.
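The lockout described above comes from the order of operations: setting the INPUT policy to DROP and then flushing the chain leaves a window (until the whitelist is loaded) in which nothing is accepted, including the packets of the SSH session doing the work. The script below is an added example, not from the original post, showing how the same blacklist-to-whitelist switch can be done from an SSH session without that window: the whole ruleset is built as an iptables-restore file (loaded atomically, so the DROP policy and the ACCEPT rules land together), a sanity check refuses any DROP-policy ruleset that does not keep established flows and new SSH connections, and a timed rollback restores the saved rules unless the operator confirms the session survived. The port numbers, the 60-second rollback window, the PID file path and the use of bash with iptables-save/iptables-restore and the conntrack match are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the post author's script): switch the INPUT chain to a
# whitelist over SSH safely. Assumptions: SSH on tcp/22, web on tcp/80 and
# tcp/443, iptables-save/iptables-restore available, conntrack match present.

SSH_PORT="${SSH_PORT:-22}"
ALLOW_TCP="${ALLOW_TCP:-80 443}"
ROLLBACK_SECS="${ROLLBACK_SECS:-60}"
ROLLBACK_PIDFILE="${ROLLBACK_PIDFILE:-/run/iptables-rollback.pid}"   # hypothetical path

# Emit the complete whitelist in iptables-restore format. iptables-restore
# replaces the table atomically, so there is never a moment in which the
# policy is DROP and the chain is empty (which is exactly what
# "iptables -P INPUT DROP; iptables -F" produces, and what drops the SSH session).
build_whitelist() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # First rule: keep the current SSH session and every other established flow alive.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -p icmp -j ACCEPT'
    printf '%s\n' "-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT"
    local port
    for port in $ALLOW_TCP; do
        printf '%s\n' "-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Read a ruleset on stdin and return 0 if it is safe to load from a remote
# session: either INPUT does not default to DROP, or it does and the ruleset
# explicitly accepts established traffic and new connections to the SSH port.
ruleset_is_safe() {
    local rules
    rules="$(cat)"
    if ! printf '%s\n' "$rules" | grep -q -e '^:INPUT DROP'; then
        return 0   # blacklist mode: nothing here can lock you out
    fi
    printf '%s\n' "$rules" | grep -q -e '--ctstate ESTABLISHED,RELATED -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q -e "--dport ${SSH_PORT} .*-j ACCEPT" || return 1
    return 0
}

# Save the live rules, load the whitelist atomically, and arm a background
# rollback. If the SSH session survives, the operator kills the rollback
# timer to keep the new rules; if it does not, the old rules come back by
# themselves after ROLLBACK_SECS and the operator can log in again.
apply_with_rollback() {
    local backup
    backup="$(mktemp)"
    iptables-save > "$backup"
    if ! build_whitelist | ruleset_is_safe; then
        echo "refusing to load: DROP policy without ESTABLISHED/SSH accept rules" >&2
        return 1
    fi
    build_whitelist | iptables-restore
    ( sleep "$ROLLBACK_SECS" && iptables-restore < "$backup" ) &
    echo "$!" > "$ROLLBACK_PIDFILE"
    echo "whitelist loaded; old rules return in ${ROLLBACK_SECS}s unless you run:"
    echo "  kill \$(cat ${ROLLBACK_PIDFILE})"
}

# Only touch the live firewall when explicitly asked (needs root).
if [ "${1:-}" = "--apply" ]; then
    apply_with_rollback
fi
```

Run it as `sudo ./whitelist.sh --apply` from the SSH session, open a second SSH connection to prove new connections still get through, then kill the rollback timer. Without `--apply` the script only defines the functions, so `build_whitelist` can be piped to a file for review first.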