Dev/Firewall Unload

From Whonix


Do not proceed unless you know what you are doing!

This page is intended for developers only!

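The following script removes every iptables and ip6tables rule. It sets the default policy of the INPUT, FORWARD and OUTPUT chains to ACCEPT, then flushes all rules and deletes all user-defined chains in the filter, nat, mangle and raw tables (filter, mangle and raw for IPv6). Once it has run, no packet filtering is in effect.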

Open file ~/firewall-unload in a text editor of your choice as a regular, non-root user.

If you are using a graphical environment, run:

mousepad ~/firewall-unload

If you are using a terminal, run:

nano ~/firewall-unload

Add the following content.

#!/bin/bash

## Copyright (C) 2012 - 2015 Patrick Schleizer <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

set -o pipefail

error_handler() {
  echo "ERROR!" >&2
  exit 1
}

trap "error_handler" ERR

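## Use the caller's commands if set in the environment, otherwise default
## to waiting for the xtables lock instead of failing when it is held.
[ -n "$iptables_cmd" ] || iptables_cmd="iptables --wait"
[ -n "$ip6tables_cmd" ] || ip6tables_cmd="ip6tables --wait"

## IPv4: set the default policies of the filter table to ACCEPT.
$iptables_cmd -P INPUT ACCEPT
$iptables_cmd -P FORWARD ACCEPT
$iptables_cmd -P OUTPUT ACCEPT

## IPv4: flush all rules (-F) and delete all user-defined chains (-X)
## in the filter, nat, mangle and raw tables.
$iptables_cmd -F
$iptables_cmd -X
$iptables_cmd -t nat -F
$iptables_cmd -t nat -X
$iptables_cmd -t mangle -F
$iptables_cmd -t mangle -X
$iptables_cmd -t raw -F
$iptables_cmd -t raw -X

## IPv6: set the default policies of the filter table to ACCEPT.
$ip6tables_cmd -P INPUT ACCEPT
$ip6tables_cmd -P OUTPUT ACCEPT
$ip6tables_cmd -P FORWARD ACCEPT

## IPv6: flush rules and delete user-defined chains in the filter, mangle
## and raw tables. The IPv6 nat table is not touched by this script.
$ip6tables_cmd -F
$ip6tables_cmd -X
$ip6tables_cmd -t mangle -F
$ip6tables_cmd -t mangle -X
$ip6tables_cmd -t raw -F
$ip6tables_cmd -t raw -X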

exit 0

Save.

Make executable.

chmod +x ~/firewall-unload

Run.

sudo ~/firewall-unload
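
To confirm the result, the following added example (not part of the Whonix script) parses iptables-save formatted output and lists anything the unload left behind. The function name check_unloaded and both sample rulesets are constructed for illustration.

```shell
#!/bin/bash
## Added example, not part of the Whonix script.
## check_unloaded (hypothetical name) reads iptables-save formatted text on
## stdin and prints every leftover: a built-in chain whose policy is not
## ACCEPT, a user-defined chain, or a rule. It returns 0 only if none is found.
check_unloaded() {
  awk '
    /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table section
    /^:/  {                                 # ":CHAIN POLICY [packets:bytes]"
      chain = substr($1, 2)
      if ($2 == "-")           { print table ": user chain " chain; bad = 1 }
      else if ($2 != "ACCEPT") { print table ": " chain " policy " $2; bad = 1 }
      next
    }
    /^-A / { print table ": rule " $0; bad = 1 }
    END { exit bad + 0 }
  '
}

## Constructed sample: save output after a successful unload.
sample_unloaded='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

## Constructed sample: a ruleset that is still loaded.
sample_loaded='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT'

## Demo on the constructed samples. On a real system, feed it live state:
##   sudo iptables-save | check_unloaded && sudo ip6tables-save | check_unloaded
printf '%s\n' "$sample_unloaded" | check_unloaded && echo "IPv4: unloaded"
printf '%s\n' "$sample_loaded" | check_unloaded || echo "leftovers found"
```

The same check, run against a system where the firewall is expected to be loaded, flags an unintended unload when it returns 0.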