How to temporarily disable firewall rules for troubleshooting

From GUI:

  1. Back up the current configuration:
    1. Navigate to System :: Toolkit :: Save Settings
    2. Select a destination for the backup file, e.g. Local Computer
    3. Click Save
  2. Remove the existing firewall rules:
    1. Navigate to Security :: Firewall
    2. Click the name of the chain that is being investigated, e.g. INPUT for IPv6
    3. Click the checkbox on the header bar to select all rules
    4. Click Delete
    5. Verify there are no rules listed for the chain
    6. Repeat substeps 1-5 for each additional chain that needs to be disabled for testing
  3. Proceed with troubleshooting and, when done, restore the saved configuration:
    1. Navigate to System :: Toolkit :: Apply Settings
    2. Select the source for the backup file, e.g. Local Computer
    3. Click Apply
    4. Click Finish

From CLI:

Save a copy of the current configuration:
save_settings
set filename=firewall_troubleshooting.cfg
commit
finish

Remove the existing firewall rules:
Note: Change INPUT to OUTPUT or FORWARD based on which chain is being investigated
  1. For IPv4:
cd /settings/ipv4_firewall/chains/
cd INPUT
delete -
commit
  2. For IPv6:
cd /settings/ipv6_firewall/chains/
cd INPUT
delete -
commit

Proceed with troubleshooting and when done restore the saved configuration:
apply_settings
set filename=firewall_troubleshooting.cfg
commit
yes
finish

From root shell:

  1. For IPv4:
Stop the iptables process:
/etc/init.d/iptables stop

Proceed with troubleshooting and when done restart the process:
/etc/init.d/iptables start

  2. For IPv6:

Stop the ip6tables process:

/etc/init.d/ip6tables stop

Proceed with troubleshooting and when done restart the process:
/etc/init.d/ip6tables start
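
To confirm that the restart really brought back the same rules, the running rule set can be dumped before the stop and compared after the start. The script below is an added example, not part of the original article or vendor code; it assumes iptables-save, ip6tables-save, mktemp and diff are available in the root shell, and the script name fwcheck.sh and the /root/fw_* paths are placeholders.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes iptables-save / ip6tables-save are
# installed alongside the iptables init scripts; /root/fw_* are placeholder paths.

# Strip what legitimately changes between two dumps: comment lines carrying
# timestamps, and the [packets:bytes] counters on chain and rule lines.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/\[[0-9]*:[0-9]*\]//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# rules_match BASELINE CURRENT
# Returns 0 when both dumps describe the same rule set; otherwise prints the
# differing lines (diff format) and returns 1.
rules_match() {
    base_norm=$(mktemp) || return 2
    cur_norm=$(mktemp) || { rm -f "$base_norm"; return 2; }
    normalize_rules < "$1" > "$base_norm"
    normalize_rules < "$2" > "$cur_norm"
    if diff "$base_norm" "$cur_norm"; then rc=0; else rc=1; fi
    rm -f "$base_norm" "$cur_norm"
    return "$rc"
}

# snapshot PREFIX: dump the live IPv4 and IPv6 rule sets to PREFIX.v4 / PREFIX.v6
snapshot() {
    iptables-save > "$1.v4" && ip6tables-save > "$1.v6"
}

# Usage on the appliance (root shell):
#   sh fwcheck.sh before    # run before "/etc/init.d/iptables stop"
#   sh fwcheck.sh after     # run after  "/etc/init.d/iptables start"
case "${1:-}" in
    before) snapshot /root/fw_before ;;
    after)
        snapshot /root/fw_after || exit 2
        rules_match /root/fw_before.v4 /root/fw_after.v4 &&
        rules_match /root/fw_before.v6 /root/fw_after.v6 &&
        echo "firewall rules restored" ;;
esac
```

Any diff output after the "after" run means a rule or chain policy is missing or changed, and the firewall should not be treated as restored until it is resolved.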
