How to Reset iptables Rules: A Comprehensive Guide
Learn how to safely reset iptables to a permissive default state, flush specific chains, save and restore rules, and understand when to use nftables or UFW instead.
iptables is the classic Linux firewall tool that controls which network traffic is allowed in, out, and forwarded through your machine. You'll want to reset it when you've made a mistake, when a misconfigured rule locked you out of SSH, or when you're starting a new firewall policy from scratch.
Understanding iptables Defaults
iptables has three default chains for filtering traffic:
- INPUT — traffic arriving at the machine
- OUTPUT — traffic leaving the machine
- FORWARD — traffic passing through (for routers/gateways)
Each chain has a policy (default action) and a list of rules. Resetting means: set all policies to ACCEPT and delete all rules.
Full Reset: Accept Everything
This is the safest starting point before reconfiguring. It ensures you won't accidentally lock yourself out of SSH when flushing rules.
# Step 1: Set all policies to ACCEPT first (so flushing rules doesn't block traffic)
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
# Step 2: Flush all rules from all chains
sudo iptables -F
# Step 3: Delete user-defined chains
sudo iptables -X
# Step 4: Zero packet and byte counters
sudo iptables -Z
Order matters: Always set policies to ACCEPT before flushing rules. If you flush first while a policy is DROP, all traffic (including your SSH session) will be blocked immediately.
Flush a Specific Chain Only
If you want to reset only one chain without touching the others:
sudo iptables -F INPUT # flush only INPUT rules
sudo iptables -F OUTPUT # flush only OUTPUT rules
sudo iptables -F FORWARD # flush only FORWARD rules
Also Reset NAT and Mangle Tables
iptables has multiple tables: filter (default), nat, and mangle. A full reset should include all of them:
# NAT table (used for port forwarding and masquerading)
sudo iptables -t nat -F
sudo iptables -t nat -X
# Mangle table (used for packet alteration)
sudo iptables -t mangle -F
sudo iptables -t mangle -X
Saving and Restoring Rules
Changes to iptables are in-memory only — they're lost on reboot unless saved.
Save current rules:
sudo iptables-save > /etc/iptables/rules.v4
Restore saved rules:
sudo iptables-restore < /etc/iptables/rules.v4
Persist across reboots (Debian/Ubuntu):
sudo apt install iptables-persistent
sudo netfilter-persistent save
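The reset steps and the save/restore steps above combined into one script, as an added example that is not code from the original article: it backs up the live ruleset with iptables-save, sets every policy to ACCEPT before flushing (the ordering the article insists on), clears all tables, and then verifies the result by parsing a fresh iptables-save dump. It goes slightly beyond the article in two places: iptables also has raw and security tables in addition to filter, nat and mangle, and IPv6 rules live in a separate ip6tables ruleset, so both are covered. The backup directory, the function names, the --apply switch and the two sample dumps are this example's own assumptions; run without --apply it only exercises the checker on the constructed samples, so it can be tried unprivileged.

```shell
#!/bin/sh
# Added example, not code from the original article. Backup, lockout-safe
# reset of every table, then verification from an iptables-save dump.
# BACKUP_DIR, the function names and the --apply switch are assumptions.
set -eu

BACKUP_DIR="${BACKUP_DIR:-/var/backups/iptables}"

# Tables iptables manages. The article names filter, nat and mangle; raw and
# security also exist and need clearing for a complete reset.
TABLES="filter nat mangle raw security"

# Constructed sample dumps (iptables-save format) used when run without --apply.
SAMPLE_DIRTY='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_GUARD - [0:0]
-A INPUT -p tcp --dport 22 -j SSH_GUARD
COMMIT'
SAMPLE_CLEAN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Save the live ruleset of one command family (iptables or ip6tables) to a
# timestamped file and print its path; undo later with "<cmd>-restore < file".
backup_rules() {
    cmd=$1
    mkdir -p "$BACKUP_DIR"
    file="$BACKUP_DIR/$cmd.$(date +%Y%m%d-%H%M%S)"
    "$cmd-save" > "$file"
    printf '%s\n' "$file"
}

# Step 1 for every table: policies to ACCEPT before anything is flushed.
# Built-in chains differ per table (nat has no FORWARD, raw only has
# PREROUTING and OUTPUT), so the ":CHAIN POLICY" header lines of the live
# dump are used instead of a hard-coded list; user chains show "-" and are skipped.
set_policies_accept() {
    cmd=$1
    "$cmd-save" | awk '/^\*/ { table = substr($1, 2) }
                       /^:/ && $2 != "-" { print table, substr($1, 2) }' |
    while read -r table chain; do
        "$cmd" -t "$table" -P "$chain" ACCEPT
    done
}

# Steps 2-4 for every table: flush rules, delete user chains, zero counters.
flush_all_tables() {
    cmd=$1
    for table in $TABLES; do
        "$cmd" -t "$table" -F
        "$cmd" -t "$table" -X
        "$cmd" -t "$table" -Z
    done
}

# Read a *-save dump on stdin; succeed only if it describes a fully reset
# firewall: every built-in policy ACCEPT, no user chains (policy "-"), no rules.
dump_is_reset() {
    awk '/^:/ && $2 != "ACCEPT" { bad++; print "remains: " $0 > "/dev/stderr" }
         /^-A / { bad++; print "remains: " $0 > "/dev/stderr" }
         END { exit (bad > 0) }'
}

# Full procedure for one command family: backup, policies, flush, verify.
safe_reset() {
    cmd=$1
    backup=$(backup_rules "$cmd")
    set_policies_accept "$cmd"
    flush_all_tables "$cmd"
    if "$cmd-save" | dump_is_reset; then
        echo "$cmd: reset complete, backup at $backup"
    else
        echo "$cmd: reset incomplete, see lines above" >&2
        return 1
    fi
}

if [ "${1:-}" = "--apply" ]; then
    safe_reset iptables
    safe_reset ip6tables   # IPv6 rules are separate; the article's commands touch IPv4 only
else
    # Unprivileged demo: the dirty sample fails the check, the clean one passes.
    printf '%s\n' "$SAMPLE_DIRTY" | dump_is_reset || echo "SAMPLE_DIRTY: not reset (expected)"
    printf '%s\n' "$SAMPLE_CLEAN" | dump_is_reset && echo "SAMPLE_CLEAN: reset"
fi
```

Reading the chain policies out of the live dump rather than hard-coding them is what keeps the script correct across tables with different built-in chains; the verification step is the check worth keeping even if you reset by hand, because a leftover DROP policy in the nat or mangle table is easy to miss with a filter-only listing.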
Viewing Current Rules
sudo iptables -L -v -n # list all rules with packet counts
sudo iptables -L INPUT -v -n # list only INPUT chain
sudo iptables -t nat -L -v -n # list NAT table rules
Alternatives to iptables
On modern systems, consider these alternatives:
UFW (Uncomplicated Firewall) — a simpler front-end to iptables, good for servers:
sudo ufw reset # reset UFW to defaults
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw enable
nftables — the modern replacement for iptables (default on newer distros):
sudo nft flush ruleset # clear all nftables rules
On Ubuntu 22.04+ and Debian 10+, iptables commands are often mapped to nftables internally via iptables-nft.
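A companion check for iptables-nft systems, added here as an example that is not part of the original article: iptables -F clears only the tables iptables-nft itself created, which nft list ruleset shows as the ip and ip6 families named filter, nat, mangle, raw and security. A table created natively with nft, or by a tool that drives nftables directly, survives an iptables reset and keeps enforcing its policy. The helper below reads a ruleset dump and prints each such table as "family name", so you know which ones still need nft delete table or a full nft flush ruleset. The helper name, the --live switch and the sample ruleset are this example's own constructions.

```shell
#!/bin/sh
# Added example, not code from the original article. Lists nftables tables
# that an iptables reset leaves untouched. The sample ruleset is constructed;
# foreign_nft_tables and the --live switch are this example's own names.
set -eu

# Constructed "nft list ruleset" output: one table owned by iptables-nft and
# one native nftables table with a drop policy.
SAMPLE_RULESET='table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
    }
}
table inet custom_fw {
    chain input {
        type filter hook input priority 0; policy drop;
    }
}'

# Read a ruleset dump on stdin and print, one "family name" per line, every
# table outside the set iptables-nft manages (ip/ip6 filter, nat, mangle,
# raw, security). Prints nothing when iptables commands cover the whole ruleset.
foreign_nft_tables() {
    awk '$1 == "table" && NF >= 3 {
        family = $2; name = $3
        ipt_family = (family == "ip" || family == "ip6")
        ipt_name = (name == "filter" || name == "nat" || name == "mangle" || name == "raw" || name == "security")
        if (!(ipt_family && ipt_name)) print family, name
    }'
}

# With --live (root), inspect the running kernel; each line printed needs
# "nft delete table <family> <name>" (or "nft flush ruleset") in addition to
# the iptables commands above. Without it, run over the constructed sample.
if [ "${1:-}" = "--live" ]; then
    nft list ruleset | foreign_nft_tables
else
    printf '%s\n' "$SAMPLE_RULESET" | foreign_nft_tables   # prints: inet custom_fw
fi
```

If the live check prints anything after an iptables reset, the machine is not in the permissive state the article describes, even though iptables -L shows empty chains; that is the situation where nft flush ruleset is the right tool.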
Conclusion
Always set chain policies to ACCEPT before flushing rules — this is the most common mistake when resetting iptables. After a reset, your machine accepts all traffic; immediately begin rebuilding your ruleset or enable UFW to restore protection.