Removing Management Console iptables Configuration

This reference applies to RPM installations and upgrades from Management Console release 20.01 and older as well as all OVA and AMI installations. The following instructions, provide commands to remove the rules created for iptables by Management Console and instructions to disable the iptables service.

To remove the iptables configuration Management Console applied during installation perform these steps:

  1. Login to Management Console host operating system console.

  2. Check iptables status (which should be active).

    sudo systemctl status iptables

    Iptables Status

  3. Check the applied iptables rules.

    sudo iptables -L

    Iptables Rules

  4. Remove rule which enabled port 8080.

    sudo iptables -D INPUT -p tcp -m state --state NEW --dport 8080 -j ACCEPT

  5. Remove rule which enabled port 8443.

    sudo iptables -D INPUT -p tcp -m state --state NEW --dport 8443 -j ACCEPT

  6. Remove rule which enabled port 5172.

    sudo iptables -D INPUT -p tcp -m state --state NEW --dport 5172 -j ACCEPT

  7. Remove rule which allowed incoming and outgoing pings.

    sudo iptables -D INPUT -p icmp --icmp-type echo-request -j ACCEPT
    sudo iptables -D OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
    sudo iptables -D OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    sudo iptables -D INPUT -p icmp --icmp-type echo-reply -j ACCEPT
  8. Remove PREROUTING rule.

    sudo iptables -t nat -D PREROUTING -i `ip addr show | grep "state UP" | head -1 | awk -F': ' '{print $2}'` -p tcp --dport 443 -j REDIRECT --to-port 8443
  9. Drop incoming packets to 127/8 from other interfaces other than loopback interface.

    sudo iptables -D INPUT -i lo -j ACCEPT
    sudo iptables -D INPUT -i lo -d -j REJECT
  10. Remove outbound traffic rule.

    sudo iptables -D OUTPUT -j ACCEPT

  11. Remove logging rule.

    sudo iptables -D INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

  12. Remove rule which dropped packets not matching any other rule.

    sudo iptables -D INPUT -j DROP
    sudo iptables -D FORWARD -j REJECT
  13. Save iptable sevice to save your changes (should show status OK).

    sudo service iptables save

  14. Restart iptables to apply your changes.

    sudo systemctl restart iptables

  15. Check iptables rules (should not contain rules which Management Console install previously added).

    sudo iptables -L

    Check iptables rules

  16. Mask iptables.

    sudo systemctl mask iptables

  17. Stop iptables service.

    sudo systemctl stop iptables