Asked Friday, October 1, 2021, 10:35:56 (score 3, 1 answer, 3237 views)

I am working on an experiment. When I (the client) ssh into a gateway and run sudo iptables --policy INPUT DROP then the gateway doesn't accept any communication (or input) from my client.

By running sudo iptables --policy INPUT ACCEPT on the gateway, the client is able to write again.

My question is: How can I restore the situation from the client?



Answers

Answer (score 6)

There are two things you should do to keep that system accessible before changing netfilter rules:

  1. create an exception in the firewall rules for ssh from your machine

  2. create a safeguard



create an exception

create an appropriate rule with iptables

sudo iptables -A INPUT -p tcp --dport ssh --source yourextIPadd -j ACCEPT

(where yourextIPadd is the IP address of your machine at home, seen from the outside)

or utilizing ufw

If you have ufw installed already you can tell ufw to create an exception

sudo ufw allow from yourextIPadd to any port 22


create a safeguard

Before issuing the command to alter the default policy for netfilter to DROP you can tell the system to revert that command after (say) 5 minutes with the handy command at

sudo at -vM now +5 minutes

now you are in something like an editor, where you can type commands to be executed later; you close/end that by typing Ctrl+D.

Type

/sbin/iptables --policy INPUT ACCEPT

Ctrl+D

You will see something like

sudo at -vM  now +1 minute
Fri Aug 29 17:46:00 2014

warning: commands will be executed using /bin/sh
at> /sbin/iptables --policy INPUT ACCEPT
at> <EOT>
job 5 at Fri Aug 29 17:46:00 2014


Remarks

  • you need to call at with sudo (it must be root's at table)

  • therefore there is no need for sudo within

  • -v tells at to show the intended execution time when you are finished

  • -M tells at to send no e-mail regarding success/failure

  • for in-depth help with iptables have a look at the IPTables HowTo


[#23439] Answered by bewre, Saturday, October 2, 2021
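As an added worked example (not code from the answer above or from any project), the following POSIX shell script strings the answer's steps together in the order that avoids locking yourself out: insert the SSH exception at the top of INPUT, schedule the revert with at before flipping the policy, and only then set the DROP default. It assumes iptables and at are installed and that it runs as root; by default DRY_RUN=1 only prints the commands it would run, so it can be inspected first. The address validator, the helper names and the sample address 203.0.113.7 are assumptions of this example.

```shell
#!/bin/sh
# Lockout guard for changing the netfilter INPUT policy (added example, not the answer's own code).
# Assumes iptables and at exist and that DRY_RUN=0 runs are done as root.
set -eu

DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only (default), 0 = execute them

# Run a command, or just print it in dry-run mode.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Accept only a plain IPv4 dotted quad with an optional /0-32 prefix,
# so that nothing unexpected is pasted into a firewall rule.
valid_ipv4() {
  addr="${1%%/*}"
  case "$1" in
    */)  return 1 ;;                 # trailing slash with no prefix
    */*) prefix="${1#*/}" ;;
    *)   prefix="" ;;
  esac
  case "$prefix" in
    ""|[0-9]|[12][0-9]|3[0-2]) ;;
    *) return 1 ;;
  esac
  old_ifs="$IFS"; IFS=.
  set -- $addr                       # split the address into octets
  IFS="$old_ifs"
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ""|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Step 1: allow SSH from the administrator's address. The rule is inserted at
# position 1 so an earlier DROP/REJECT rule cannot shadow it (the answer uses -A).
allow_ssh_from() {
  valid_ipv4 "$1" || { echo "refusing to use address: $1" >&2; return 1; }
  run iptables -I INPUT 1 -p tcp --dport 22 -s "$1" -j ACCEPT
}

# Step 2: queue the revert BEFORE flipping the policy, so the safety window
# is already running if the next command cuts the session.
schedule_revert() {
  minutes="${1:-5}"
  if [ "$DRY_RUN" = "1" ]; then
    printf 'echo "/sbin/iptables --policy INPUT ACCEPT" | at -vM now +%s minutes\n' "$minutes"
  else
    echo "/sbin/iptables --policy INPUT ACCEPT" | at -vM now +"$minutes" minutes
  fi
}

# Step 3: only now change the default policy.
set_input_drop() {
  run iptables --policy INPUT DROP
}

# Usage (dry run by default; set DRY_RUN=0 and run as root to apply):
#   DRY_RUN=0 ADMIN_IP=203.0.113.7 sh lockout_guard.sh
# Once a fresh SSH login from ADMIN_IP succeeds, cancel the safeguard with
# "atrm <job>" using the job number that at printed; otherwise it reverts
# the policy to ACCEPT after the window expires.
if [ -n "${ADMIN_IP:-}" ]; then
  allow_ssh_from "$ADMIN_IP"
  schedule_revert 5
  set_input_drop
fi
```

Note the ordering: the answer lists the exception first and the safeguard second, which is fine, but the revert job must be queued before the DROP policy is applied, not after, because the moment the policy flips the session may already be gone.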