Disabling Linux Software Firewalls Without Console Access

If you're using a cloud hosting service like AWS, you know that currently there is no way to access the console of a server. So if you've made an oopsy with your firewall rules, you can easily find yourself locked out of your server. In such cases you'll need to follow steps similar to what's described here. Once you've gained access to the filesystem, the easiest thing to do is temporarily disable the firewall so that you can access the server again. The following instructions assume you've mounted the filesystem at /mnt.

Before running any of the commands you'll chroot first:

# Enter chroot on /mnt or whatever mount point you used
sudo chroot /mnt/

CentOS, RHEL, etc

Most users will be using a variation of RHEL 6 or 7 so I will focus on those.

# RHEL 7
systemctl disable firewalld.service

# RHEL 6
chkconfig iptables off

Ubuntu, Debian, etc

I will focus on 16.04 and 14.04 since these are the most common at the moment.

# Version 16.04
systemctl disable ufw

# Version 14.04
sed -i 's/ENABLED=yes/ENABLED=no/g' /etc/ufw/ufw.conf

Exit the chroot and umount the filesystem

exit
cd && sudo umount /mnt

Now you can re-attach the block device to the original server and start it back up. When it boots, the firewall service shouldn't start. You should now be able to log back into your server via SSH and edit your firewall rules to ensure you have allowed the access you require. These changes persist across reboots, so re-enable the firewall once the rules are corrected.
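One way to confirm that the commands above took effect, run from the rescue machine while the volume is still mounted at /mnt and before you unmount it. This is an added example, not part of the original post; the function name firewall_boot_state is hypothetical and the paths are assumed to be the distribution defaults.

```sh
#!/bin/sh
# Added example: report which firewall services are still set to start at
# boot inside an offline root filesystem (e.g. the volume mounted at /mnt).
# Assumption: the image uses the distribution-default paths checked below.

# firewall_boot_state ROOT
#   Prints one "<name> enabled" line per mechanism that will start at boot.
#   Returns 0 if nothing is enabled, 1 otherwise.
firewall_boot_state() {
    root=${1:-/mnt}
    found=0

    # systemd (RHEL 7, Ubuntu 16.04): "systemctl disable" removes the
    # *.wants/ symlinks. Test with -L because the link targets are absolute
    # paths that only resolve inside the chroot.
    for unit in firewalld ufw; do
        for link in "$root"/etc/systemd/system/*.wants/"$unit".service; do
            if [ -L "$link" ]; then
                rel=${link#"$root"}
                echo "$unit enabled (systemd: $rel)"
                found=1
            fi
        done
    done

    # SysV init (RHEL 6): "chkconfig iptables off" removes the S??iptables
    # start links from the runlevel directories.
    for link in "$root"/etc/rc.d/rc[0-6].d/S[0-9][0-9]iptables; do
        if [ -L "$link" ]; then
            rel=${link#"$root"}
            echo "iptables enabled (sysv: $rel)"
            found=1
        fi
    done

    # ufw (Ubuntu 14.04): the setting changed by the sed command above.
    if grep -qs '^ENABLED=yes' "$root/etc/ufw/ufw.conf"; then
        echo "ufw enabled (ufw.conf: ENABLED=yes)"
        found=1
    fi

    return "$found"
}
```

Call it as firewall_boot_state /mnt; no output and exit status 0 mean no firewall is set to start at boot. Run with / as the root on the recovered server, it shows whether the firewall has been set to start at boot again after the rules are fixed.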

© 2023 linux bucket

All rights reserved