If at some point you screw up your iptables rules, there are commands to
flush them, so you don't have to reboot. I've gotten this question a couple
of times by now, so I thought I'd answer it right here. If you added a rule
in error, you can delete it by running the exact same command again with the
-A (append) parameter changed to -D (delete). iptables will find the matching
rule and erase it for you. Note that if several rules in the chain look
exactly the same, only the first one it finds is erased. If that is not the
behaviour you want, you can instead give -D a rule number, as in
iptables -D INPUT 10, which erases the 10th rule in the INPUT chain. To see
the numbering before you delete, list the chain with
iptables -L INPUT -n --line-numbers.
There are also instances where you want to flush a whole chain; in that case
you use the -F option. For example, iptables -F INPUT erases every rule in
the INPUT chain. This does not change the chain's default policy, though, so
if the policy is set to DROP, flushing the chain as above leaves you
dropping all incoming traffic, including the SSH session you are working
from if you are doing this remotely. To reset the policy, use -P just as you
did to set it to DROP, for example iptables -P INPUT ACCEPT. Two more things
to keep in mind: -F only touches the filter table unless you name another
table with -t, and it leaves any user-defined chains in place; those are
removed with -X once they are empty.
I have made a rc.flush-iptables.txt script (also available as an appendix)
that will flush and reset your iptables, which you might consider using
while setting up your rc.firewall.txt file properly. One thing though: if
you start mucking around in the mangle table, this script will not erase
those rules. It is rather simple to add the few lines needed to erase them,
but I have not added them here since the mangle table is not used in my
rc.firewall.txt script so far.
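As an added example (this is not the tutorial's rc.flush-iptables.txt), here is a
flush-and-reset script that goes a step further than the text above: it covers the
mangle table as well as filter and nat, and it resets the policy of every built-in
chain to ACCEPT so that flushing a DROP-policy chain does not lock you out. The
script prints the commands it would run unless you pass --apply, so you can review
them first. The path /sbin/iptables and the file name flush-all.sh are assumptions;
adjust them for your system.

```shell
#!/bin/sh
# Added example (not the tutorial's rc.flush-iptables.txt): flush and reset
# the filter, nat and mangle tables so the box passes all traffic again.
#
#   sh flush-all.sh            prints the commands it would run (dry run)
#   sh flush-all.sh --apply    runs them (as root)
#
# Assumption: iptables lives at /sbin/iptables; override with IPTABLES=...

IPTABLES=${IPTABLES:-/sbin/iptables}

# Emit the commands that reset one table. -F flushes every chain in the
# table, -X removes the now-empty user-defined chains, -Z zeroes the packet
# and byte counters, and -P puts each built-in chain's policy back to ACCEPT.
# -F alone leaves the policy as it was, which is what turns a flushed
# filter table with a DROP policy into a box that blocks everything.
reset_table_cmds() {
    table=$1
    shift
    echo "$IPTABLES -t $table -F"
    echo "$IPTABLES -t $table -X"
    echo "$IPTABLES -t $table -Z"
    for chain in "$@"; do
        echo "$IPTABLES -t $table -P $chain ACCEPT"
    done
}

# The built-in chains of each table. Only these carry a policy; -P on a
# user-defined chain is an error. mangle has had all five chains since
# kernel 2.4.18.
all_reset_cmds() {
    reset_table_cmds filter INPUT FORWARD OUTPUT
    reset_table_cmds nat PREROUTING POSTROUTING OUTPUT
    reset_table_cmds mangle PREROUTING INPUT FORWARD OUTPUT POSTROUTING
}

# Run every generated command, stopping at the first one that fails so a
# typo does not leave the tables half reset.
apply_reset() {
    all_reset_cmds | while IFS= read -r cmd; do
        $cmd || exit 1
    done
}

case "${1:-}" in
    --apply) apply_reset ;;
    *)       all_reset_cmds ;;
esac
```

The order inside reset_table_cmds matters: -X will refuse to delete a user-defined
chain that still holds rules or is still referenced, so the -F must come first, and
the -P lines come last so the table is wide open only once it is empty.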