Tuesday, September 20, 2016

Remove iptables rule

I recently had to fool around with iptables on one of our web instances, and I found this SO link useful. So here it is for everyone (read: myself).

This happened because Ubuntu had updated some packages, and when I logged in last week there was a message telling me to restart the instance. So I foolishly did. As a result, PostgreSQL was broken (/var/run/something had been deleted, and it took my colleague a good 30 minutes to find that out), and suddenly our Tomcat application wasn't working either.

  1. https://my.application.com was timing out.
  2. So was http://my.application.com.
  3. But our direct IP http://123.12.123.12:8080 was working.
  4. BUT the direct IP http://123.12.123.12:80 wasn't!
  5. Nginx was not logging anything at all.
  6. Checking Amazon AWS, I confirmed that both 80 and 8080 were "allowed" in the security group.

So there had to be something between AWS and nginx that was blocking port 80 while allowing port 8080, which is not something a human would deliberately do.

So I did something I've never had to do before: check iptables. And sure enough, I found the below:

So here are the steps I took to wipe out all those rules:
iptables -L INPUT --line-numbers
iptables -D INPUT 5
iptables-save > /etc/iptables/rules.v4

The second command was run a couple of times to remove all the offending rules. Note that iptables renumbers the remaining rules after every deletion, so re-run the first command before each delete (or delete from the highest number down) so you don't remove the wrong rule.
The last line was so that the rules would be the same each time the instance was restarted. The rules might be stored in a different file on your system; check your local distro for details.
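As an added example (not from the original post), here is a small POSIX shell script that parses the output of `iptables -L INPUT --line-numbers -n`, picks out the DROP/REJECT rules for a given TCP port, and prints the delete commands from highest rule number to lowest so the numbering stays valid between deletions, followed by the save step above. The listing embedded in it is constructed for the example, and the rules.v4 path is the one the post used.

```shell
#!/bin/sh
# Added example: compute which INPUT rules block a port and emit the
# iptables commands to remove them, highest number first, so that deleting
# one rule does not shift the numbers of the ones still to be deleted.

# Constructed sample output (not from the post's instance) of:
#   iptables -L INPUT --line-numbers -n
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
5    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable'

# blocking_rule_numbers PORT: read a listing on stdin and print the numbers
# of DROP/REJECT rules matching "dpt:PORT", one per line, highest first.
blocking_rule_numbers() {
    awk -v port="$1" '
        BEGIN { want = "dpt:" port }
        # rule lines start with a number; $2 is the target
        $1 ~ /^[0-9]+$/ && ($2 == "DROP" || $2 == "REJECT") {
            for (i = 3; i <= NF; i++) if ($i == want) { print $1; break }
        }' | sort -rn
}

# delete_commands CHAIN PORT: emit the delete commands in the safe
# (descending) order, then the save step from the post. The plan is printed
# rather than executed so it can be reviewed before piping it to sh as root.
delete_commands() {
    chain="$1"; port="$2"
    blocking_rule_numbers "$port" | while read -r n; do
        printf 'iptables -D %s %s\n' "$chain" "$n"
    done
    printf 'iptables-save > /etc/iptables/rules.v4\n'
}

# On a live box: iptables -L INPUT --line-numbers -n | delete_commands INPUT 80
printf '%s\n' "$SAMPLE_LISTING" | delete_commands INPUT 80
```

For the sample listing this prints the deletes for rules 5 and 3 (in that order) and then the save command.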