Linux iptables rejected - How do I enable it back?
IPtables has a list of rules, and for each packet, it checks the list of rules in order. Once a rule is found that matches the packet and specifies a policy (ACCEPT, REJECT, DROP), the fate of the matching packet is determined; no more rules are examined.
This means that the order in which you run commands is important. When you use iptables -A, you add a rule to the end of the list of rules, so you will end up with a rule list that looks like this:
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere
Since the REJECT rule comes before the ACCEPT rule, it gets triggered first, and thus forwarding won't happen.
You will therefore need to delete the REJECT rule instead of adding an ACCEPT rule. To delete the REJECT rule, run
iptables -D FORWARD -j REJECT
For more information, read the iptables manpage.
The -A flag tells iptables to append the rule to the chain, meaning it ends up under your REJECT rule, and since the first rule matches, it's never used.
You list your rules with iptables -L FORWARD and you will see this yourself. To get rid of the rule you added, run
iptables -D FORWARD -j REJECT
until there are no more such rules in the chain.
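Both answers above describe the same first-match behaviour of the FORWARD chain. The script below is an added example and is not code from either answer: it walks constructed `iptables -L FORWARD` listings (not captured from a real host) the way the kernel walks the chain, reporting which target decides a packet and whether an appended ACCEPT is shadowed by a catch-all REJECT above it. The function names `first_match` and `shadowed` are chosen here, not iptables names.

```shell
#!/bin/sh
# Constructed sample of `iptables -L FORWARD` output (not captured from a real host):
# the REJECT rule was appended first, so it shadows the ACCEPT rule below it.
SHADOWED_CHAIN='Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere'

# The same chain after `iptables -D FORWARD -j REJECT` (also constructed).
FIXED_CHAIN='Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere'

# first_match LISTING: print the target that decides a packet's fate under
# first-match semantics. Every rule in these listings is "all -- anywhere anywhere",
# i.e. it matches every packet, so the first terminating target (ACCEPT/REJECT/DROP)
# wins and the rules after it are never consulted. Falls back to the chain policy.
first_match() {
    printf '%s\n' "$1" | awk '
        /^Chain / { policy = $0; sub(/.*\(policy /, "", policy); sub(/\).*/, "", policy); next }
        /^target / { next }
        $1 == "ACCEPT" || $1 == "REJECT" || $1 == "DROP" { print $1; found = 1; exit }
        END { if (!found) print policy }'
}

# shadowed LISTING: exit 0 if an ACCEPT rule sits below a catch-all REJECT/DROP
# rule (prot "all", source and destination "anywhere"), so it can never be reached.
shadowed() {
    printf '%s\n' "$1" | awk '
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" && $4 == "anywhere" && $5 == "anywhere" { blocked = 1 }
        $1 == "ACCEPT" && blocked { found = 1; exit }
        END { if (found) exit 0; exit 1 }'
}

# Demonstration on the constructed listings.
for chain in "$SHADOWED_CHAIN" "$FIXED_CHAIN"; do
    printf 'decision for a forwarded packet: %s\n' "$(first_match "$chain")"
    if shadowed "$chain"; then
        echo 'ACCEPT is shadowed; delete the REJECT with: iptables -D FORWARD -j REJECT'
    else
        echo 'no shadowed ACCEPT rule'
    fi
done
```

Run the same check against the real output of iptables -L FORWARD to confirm the REJECT rule is gone before testing forwarding again.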