November 2007
Beginner
642 pages
15h 43m
English
Turning on your firewall is easy: just run the fw_nat script. But you also want an easy way to turn it off. This will allow you to quickly determine whether a problem is caused by the firewall, and to make and test changes easily.
Use the following script, which I call /usr/local/bin/fw_flush. This example deletes all the rules in the filter, NAT, and mangle tables; all chains; and resets all packet and byte counters to zero. It also resets all the default policies to ACCEPT (so that nothing is blocked), and turns off forwarding. It's like having no firewall at all:
    #!/bin/sh
    ##/usr/local/bin/fw_flush
    #flush script, which deletes all active rules
    #and chains, and resets default policies to "accept"
    #this is like having no firewall at all

    #define variables
    ipt="/sbin/iptables"

    echo "The firewall is now being shut down. All policies are set to ACCEPT, all rules and chains are deleted, all counters are set to zero."

    #Set default policies to ACCEPT everything
    $ipt -P INPUT ACCEPT
    $ipt -P FORWARD ACCEPT
    $ipt -P OUTPUT ACCEPT
    $ipt -t nat -P OUTPUT ACCEPT
    $ipt -t nat -P PREROUTING ACCEPT
    $ipt -t nat -P POSTROUTING ACCEPT
    $ipt -t mangle -P INPUT ACCEPT
    $ipt -t mangle -P OUTPUT ACCEPT
    $ipt -t mangle -P FORWARD ACCEPT
    $ipt -t mangle -P PREROUTING ACCEPT
    $ipt -t mangle -P POSTROUTING ACCEPT

    #Zero out all counters
    $ipt -Z
    $ipt -t nat -Z
    $ipt -t mangle -Z

    # Flush all rules, delete all chains
    $ipt -F
    $ipt -X
    $ipt -t nat -F
    $ipt -t nat -X
    $ipt -t ...
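One way to confirm that a flush really left the host wide open (or, just as usefully, to notice that a machine was left in that state), as an added example that is not from the book. The function name check_flushed and both sample rulesets are assumptions constructed for illustration; the function reads iptables-save output on stdin and reports every remaining non-ACCEPT policy, user-defined chain, and rule.

```shell
#!/bin/sh
# Added example (not the book's code): verify the result of a flush.
# check_flushed reads iptables-save text on stdin, prints one line per
# finding, and returns 0 only when nothing is filtering any more.
check_flushed() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter", "*nat", "*mangle"
        /^:/ {                                   # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 == "-") {                     # "-" marks a user-defined chain
                print table ": user chain " chain " still exists"; bad = 1
            } else if ($2 != "ACCEPT") {
                print table ": " chain " policy is " $2; bad = 1
            }
            next
        }
        # Rules start with -A, optionally preceded by [pkts:bytes] counters.
        /^(\[[0-9]+:[0-9]+\] )?-A / { print table ": rule remains: " $0; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: iptables-save output after a complete flush.
FLUSHED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: a ruleset that is still filtering.
ACTIVE='*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5:300]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOGDROP
COMMIT'

printf '%s\n' "$FLUSHED" | check_flushed && echo "flushed sample: no filtering in place"
printf '%s\n' "$ACTIVE" | check_flushed || echo "active sample: firewall still filtering"
```

On a live system, run `iptables-save | check_flushed` as root after the flush script; any output means part of the old ruleset survived.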