All Linux servers use iptables (or its modern replacement, nftables, on some distributions) as the underlying firewall framework to control which connections are allowed or denied. These firewall rules determine how traffic flows to and from your server.
In some cases, you may be blocked from accessing a particular service due to firewall restrictions. If this happens, you can typically regain access by logging in as root and clearing the relevant firewall rules. Below are detailed instructions for flushing rules in iptables and, if installed, ConfigServer Security & Firewall (CSF).
Flushing iptables Rules
Flush a Single Chain
A “chain” is a list of firewall rules that apply to a specific direction of traffic (e.g., INPUT, OUTPUT, FORWARD).
To flush (delete) all the rules in a specific chain, use the -F
or --flush
option followed by the chain name.
Example: flush the INPUT chain (removing all rules that control incoming traffic):
This command removes all rules in the INPUT chain, but leaves rules in other chains intact.
Flush All Chains
To completely clear all firewall rules across all chains, use the flush command without specifying a chain:
This will wipe the current firewall configuration, essentially leaving the server without active packet filtering rules until new ones are applied.
⚠️ Important: Flushing all chains can expose your server to all incoming traffic. This should only be done in controlled environments, such as troubleshooting or when you plan to immediately reapply proper firewall rules.
Using CSF (ConfigServer Security & Firewall)
If you are using CSF as your firewall management tool (common in cPanel and many hosting environments), you should not manually manipulate iptables rules, as CSF will override them. Instead, use the CSF commands directly.
To flush all blocks using CSF:
This command clears all temporary and permanent firewall blocks managed by CSF, restoring open access until CSF rules are reapplied.
Best Practices
-
Backup your rules: Before flushing, consider saving your existing iptables configuration:
-
Reload rules after flushing: If you flush rules for troubleshooting, remember to reload or reapply your intended firewall policies afterwards to maintain server security.
-
Use CSF for consistency: If CSF is installed, always manage firewall rules through CSF to avoid conflicts.
✅ Summary:
-
Use
iptables -F <CHAIN>
to flush a single chain. -
Use
iptables -F
to flush all chains. -
If CSF is installed, use
csf -f
instead of direct iptables commands.