Dropped port 22 in iptables - is this permanent?

lucideous asked
Last Modified: 2013-12-16
I issued the following command not thinking through all of the implications:
iptables -I INPUT -m tcp -p tcp --dport 22 -j DROP
I was immediately dropped from the server - I thought my connection would remain, as when you start and stop sshd.  My question is - is port 22 permanently dropped? Is there any way around this?  If I power-cycle the server, will sshd on port 22 still be blocked?  Basically - I am looking for a way to log in.
As background I issued the command in an attempt to do all of the following:
iptables -I INPUT -m tcp -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -I INPUT -m tcp -p tcp -s --dport 22 -j ACCEPT
iptables -I INPUT -m tcp -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
to eliminate an SSH attack that was happening.

Top Expert 2005
A reboot should make the SSH port open again, unless you have also saved the rule into the firewall's permanent rules - have you?

BTW: to eliminate most automated attacks, you could set up sshd to listen on some custom port instead of 22. It's not security (it's obscurity), but it works well against script kiddies and botnets. I do it personally.


The only command that I issued was:
iptables -I INPUT -m tcp -p tcp --dport 22 -j DROP
Does this permanently save the rule to the firewall?  I won't be able to attempt a reboot until Monday morning.  After I test the solution I will give you the points.  Thanks so much for your reply, and I look forward to learning whether the above command is saved.
Top Expert 2008
If you have Webmin installed, you can log on to Webmin and issue some commands using the command form to delete the entry you added from iptables.

Using (Note the -D)

iptables -D INPUT -m tcp -p tcp --dport 22 -j DROP

or overwrite it by using the following iptables rule; this will add an ACCEPT rule before the DROP rule, so it will match first and SSH connections will be accepted:

iptables -I INPUT -m tcp -p tcp --dport 22 -j ACCEPT

As @ravenpl said, a reboot can fix it too.
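An added example (not from this thread) that replays the commands above against a simulated INPUT chain, to show why an inserted (-I) ACCEPT rescues the inserted DROP while an appended (-A) one does not. It only models -p, --dport and --state matching; rate limiting and saved rules are not simulated.

```python
import shlex

def parse(cmd):
    """Split 'iptables -I/-A/-D INPUT ... -j TARGET' into (action, rule)."""
    t = shlex.split(cmd)
    action, rule, i = None, {"match": {}, "target": None}, 1
    while i < len(t):
        o = t[i]
        if o in ("-I", "-A", "-D"):
            action = o
            i += 2                                   # skip the chain name
        elif o == "-p": rule["match"]["proto"] = t[i + 1]; i += 2
        elif o == "--dport": rule["match"]["dport"] = int(t[i + 1]); i += 2
        elif o == "--state": rule["match"]["state"] = set(t[i + 1].split(",")); i += 2
        elif o == "-j": rule["target"] = t[i + 1]; i += 2
        else:
            i += 1                 # -m tcp, -m state, --limit ...: not modelled
    return action, rule

def apply(chain, cmd):
    """Mutate the chain (a list of rules) the way iptables would."""
    action, rule = parse(cmd)
    if action == "-I":
        chain.insert(0, rule)      # -I without a position = top of chain
    elif action == "-A":
        chain.append(rule)         # -A = bottom of chain
    elif action == "-D":
        chain.remove(rule)         # deletes the first identical rule
    return chain

def matches(rule, pkt):
    """True if every match field of the rule fits the packet."""
    return all(pkt.get(k) in v if k == "state" else pkt.get(k) == v
               for k, v in rule["match"].items())

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain's default policy applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def new_ssh_verdict(cmds):
    """Replay cmds on an empty INPUT chain; verdict for a fresh SSH connection."""
    chain = []
    for c in cmds:
        apply(chain, c)
    # Constructed packet: a new TCP connection to port 22 (the asker's situation).
    return verdict(chain, {"proto": "tcp", "dport": 22, "state": "NEW"})
```

Run the original DROP alone and the verdict is DROP; follow it with the expert's -I ACCEPT or -D and new SSH connections are accepted again, while an -A ACCEPT lands below the DROP and never matches.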
