How to temporarily disable firewall rules for troubleshooting

How to temporarily disable firewall rules for troubleshooting

From GUI:

  1. Backup the current configuration:
    1. Navigate to System :: Toolkit :: Save Settings
    2. Select a destination for the backup file; i.e Local Computer
    3. Click Save
  2. Remove the existing firewall rules:
    1. Navigate to Security :: Firewall
    2. Click the name of the chain that is being investigated; i.e INPUT for IPv6
    3. Click the checkbox on the header bar to select all rules
    4. Click Delete
    5. Verify there are no rules listed for the chain
    6. Repeat 2a-2e if additional chains needs to be disabled for testing
  3. Proceed with troubleshooting and when done restore the saved configuration:
    1. Navigate to System :: Toolkit :: Apply Settings
    2. Select the source for the backup file; i.e Local Computer
    3. Click Apply
    4. Click Finish

From CLI:

Save a copy of the current configuration:
save_settings
set filename=firewall_troubleshooting.cfg
commit
finish

Remove the existing firewall rules:
Note: Change INPUT to OUTPUT or FORWARD based on which chain is being investigated
  1. For IPv4:
cd /settings/ipv4_firewall/chains/
cd INPUT
delete -
commit
  1. For IPv6:
cd /settings/ipv6_firewall/chains/
cd INPUT
delete -
commit

Proceed with troubleshooting and when done restore the saved configuration:
apply_settings
set filename=firewall_troubleshooting.cfg
commit
yes
finish

From root shell:

  1. For IPv4:
Stop the iptables process:
/etc/init.d/iptables stop

Proceed with troubleshooting and when done restart the process:
/etc/init.d/iptables start

  1. For IPv6:

Stop the ip6tables process:

/etc/init.d/ip6tables stop

Proceed with troubleshooting and when done restart the process:
/etc/init.d/ip6tables start