On 10/28/2014 8:55 AM, Léa Massiot wrote:
Christopher Schultz-2 wrote
A bit of warning: when modifying iptables, you need to be very careful
that you don't wipe out any rules that allow you to gain remote access
to the server. For instance, if you have a default rule to DROP all
packets and an exception that allows port 22 (ssh) traffic, then
flushing all the rules in a table can make it impossible for you to
revert the change without remote-rebooting (or, worse yet, paying
someone to walk into the cage and push the reset button).
Yes right, fortunately I wasn't working on a remote machine.

On Debian Wheezy, the following set of commands actually disables the
firewall:
-------------------------------------------------------
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
-------------------------------------------------------

Best regards.


Hi, Léa-

Ideally, I think you'd want to permanently modify the iptables rules to enable traffic over the desired port. Doing so would keep the existing safety measures in place and all of the rules would survive a reboot. However, if you just want to temporarily disable iptables, I believe

    service iptables stop

would do so. Permanently disabling iptables would require a little more work as, in my experience, it is typically configured to start when the system is booted.

-Terence Bandoian
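
The two points raised in this thread (a flush leaves a DROP policy with no exceptions, and adding one rule is preferable to disabling the firewall) can be checked against `iptables-save` output before anything is changed. This is an added example, not part of the original messages; the function names, the sample dump and port 443 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_RULES is a constructed
# iptables-save dump; port 443 is an assumed "desired port".
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Built-in filter chains whose policy is not ACCEPT. `iptables -F` removes
# the rules but keeps the policy, so these chains drop everything after a flush.
chains_blocking_after_flush() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:/ && $2 != "ACCEPT" && $2 != "-" { print substr($1, 2) }'
}

# Succeeds if the filter table has an INPUT rule accepting TCP to port $2.
# Only plain "--dport N" rules are recognised (no multiport, no ranges).
port_allowed() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            tcp = 0; hit = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == port) hit = 1
            }
            if (tcp && hit) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Print (do not run) the single rule that opens port $2, leaving the rest intact.
open_port_cmd() {
    if port_allowed "$1" "$2"; then
        echo "# tcp/$2 already accepted"
    else
        echo "iptables -I INPUT -p tcp --dport $2 -j ACCEPT"
    fi
}

# On a live host, pass "$(iptables-save)" instead of the sample.
echo "Chains that would drop everything after 'iptables -F':"
chains_blocking_after_flush "$SAMPLE_RULES"
open_port_cmd "$SAMPLE_RULES" 443
```

A rule inserted this way lasts only until the next reboot unless the running ruleset is also saved by whatever mechanism the distribution uses to restore it at boot.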





--
View this message in context: 
http://tomcat.10.x6.nabble.com/HTTPS-URLs-with-no-port-number-Tomcat-only-tp5024482p5024571.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


