If you’re using a cloud hosting service like AWS, you know that currently there is no way to access the console of a server. So if you’ve made an oopsy with your firewall rules, you can easily find yourself locked out of your server. In such cases you’ll need to follow steps similar to what’s described here.

Once you’ve gained access to the filesystem, the easiest thing to do is temporarily disable the firewall so that you can access the server again. The following instructions assume you’ve mounted the filesystem at /mnt.
Before running any of the commands you’ll chroot first:
    # Enter chroot on /mnt or whatever mount point you used
    sudo chroot /mnt/
CentOS, RHEL, etc
Most users will be using a variation of RHEL 6 or 7 so I will focus on those.
    # RHEL 7
    systemctl disable firewalld.service

    # RHEL 6
    chkconfig iptables off
Ubuntu, Debian, etc
I will focus on 16.04 and 14.04 since these are the most common at the moment.
    # Version 16.04
    systemctl disable ufw

    # Version 14.04
    sed -i 's/ENABLED=yes/ENABLED=no/g' /etc/ufw/ufw.conf
Exit the chroot and unmount the filesystem:

    exit
    cd && sudo umount /mnt
Now you can re-attach the block device to the original server and start it back up. When it boots, the firewall service shouldn’t start. You should now be able to log back into your server via SSH and edit your firewall rules to ensure you have allowed the access you require.
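Before unmounting, it is worth confirming from outside the chroot that the firewall really is switched off for the next boot. The script below is an added example, not part of the original post; the function name `fw_boot_status` is hypothetical, and it assumes the default locations for systemd unit links, SysV runlevel links and `ufw.conf`.

```shell
#!/bin/sh
# Added example (not from the original post): list firewall boot-time switches
# that are still ON inside an offline root filesystem, e.g. one mounted at /mnt.
# The function name fw_boot_status is hypothetical.
fw_boot_status() {
    root=${1:-/mnt}
    found=""

    # systemd (RHEL 7, Ubuntu 16.04): an enabled unit is a symlink in a
    # *.wants/ directory. Test with -L because the link target is usually an
    # absolute path that does not resolve from outside the chroot.
    for unit in firewalld.service ufw.service; do
        for link in "$root"/etc/systemd/system/*.wants/"$unit"; do
            if [ -L "$link" ]; then
                found="$found systemd:$unit"
                break
            fi
        done
    done

    # SysV init (RHEL 6): "chkconfig iptables on" leaves S??iptables start
    # links in the runlevel directories; "off" replaces them with K?? links.
    for link in "$root"/etc/rc.d/rc[2345].d/S??iptables; do
        if [ -L "$link" ]; then
            found="$found sysv:iptables"
            break
        fi
    done

    # ufw (Ubuntu 14.04 in the post): the ENABLED flag in ufw.conf.
    if grep -qs '^ENABLED=yes' "$root/etc/ufw/ufw.conf"; then
        found="$found ufw.conf:ENABLED=yes"
    fi

    echo "${found# }"      # space-separated findings, empty when all are off
    [ -z "$found" ]        # exit status 0 only when nothing is left enabled
}

# Run against a mount point when one is given on the command line.
if [ $# -gt 0 ]; then
    fw_boot_status "$1"
fi
```

An empty result with exit status 0 means none of the switches this post touches remain set; any entry printed names a setting that is still on.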