Problem scenario
You are running Linux SUSE in AWS. You want to have no firewalls running on the OS. How can you be sure that there is no OS-level firewall running in Linux SUSE?
Solution
#1 Become root with this command: sudo su -
#2 Enter this command: yast firewall
#3 You will see either a screen that warns you about another firewall running or the YaST2 screen for a firewall. In the former case, you know another firewall is running. In the latter case, this screen will show "Stop Firewall Now" in aqua. The other letters will be in light gray; this means that no firewall is running on your Linux OS. If you can put a cursor on "Stop Firewall Now", then the YaST firewall is running.
If you want to turn off a firewall on your AWS instance, but the YaST firewall menu above did not help you, follow these steps. First, be sure you know which Security Groups your server is in. An AWS Security Group can simulate an OS firewall for many purposes. Second, do these things:
Run this command:
$ sudo sh -c 'iptables-save > /root/firewall.rules'
Then run this script that was taken from a cyberciti.biz posting to disable the Linux OS firewall:
#!/bin/bash
# reset.fw - Reset firewall
# set x to 0 - No reset
# set x to 1 - Reset firewall
# ---------------------------------------------------------------------------------------------------------------
# Added support for IPV6 Firewall
# ---------------------------------------------------------------------------------------------------------------
# Written by Vivek Gite <vivek@nixcraft.com>
# Modified by continualintegration.com. We found it worked better with Linux SUSE in AWS with the modifications.
# ---------------------------------------------------------------------------------------------------------------
# You can copy / paste / redistribute this script under GPL version 2.0 or above
# =============================================================
x=1
# set to true if it is CentOS / RHEL / Fedora box
RHEL=false
### continualintegration.com edited a few lines here ###
IPT=/usr/sbin/iptables
IPT6=/usr/sbin/ip6tables
if [ "$x" == "1" ];
then
    if [ "$RHEL" == "true" ];
    then
        # reset firewall using redhat script
        /etc/init.d/iptables stop
        /etc/init.d/ip6tables stop
    else
        # for all other Linux distro use following rules to reset firewall
        # -F flushes rules, -X deletes user-defined chains, -Z zeroes counters
        ### reset ipv4 iptables ###
        $IPT -F
        $IPT -X
        $IPT -Z
        # repeat for every table the kernel has loaded (filter, nat, mangle, ...)
        for table in $(</proc/net/ip_tables_names)
        do
            $IPT -t "$table" -F
            $IPT -t "$table" -X
            $IPT -t "$table" -Z
        done
        # default policy of the built-in filter chains: accept everything
        $IPT -P INPUT ACCEPT
        $IPT -P OUTPUT ACCEPT
        $IPT -P FORWARD ACCEPT
        ### reset ipv6 iptables ###
        $IPT6 -F
        $IPT6 -X
        $IPT6 -Z
        for table in $(</proc/net/ip6_tables_names)
        do
            $IPT6 -t "$table" -F
            $IPT6 -t "$table" -X
            $IPT6 -t "$table" -Z
        done
        $IPT6 -P INPUT ACCEPT
        $IPT6 -P OUTPUT ACCEPT
        $IPT6 -P FORWARD ACCEPT
    fi
else
    # x is not 1: leave the firewall untouched
    :
fi
# End of script
If you change your mind, you can revert the firewall changes by running this command without the leading "#" symbol:
# sudo sh -c 'iptables-restore < /root/firewall.rules'
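To confirm the state the reset script above should leave behind, the output of iptables-save and ip6tables-save can be checked for any remaining rule or non-ACCEPT policy. The following is an added example, not part of the original post or the cyberciti.biz script; the function name check_open and both sample rule sets are made up for illustration, and it only covers what iptables-save reports.

```bash
#!/bin/bash
# Added example (not from the original post or cyberciti.biz).
# check_open reads iptables-save / ip6tables-save output on stdin, prints
# every line that shows filtering is still configured, and returns 0 only
# when nothing is found. The name check_open is made up for this example.
check_open() {
    awk '
        BEGIN  { bad = 0 }
        /^\*/  { table = substr($0, 2); next }   # "*filter" opens a table
        /^:/   {                                  # ":CHAIN POLICY [pkts:bytes]"
            # User-defined chains have policy "-"; only built-in chains count.
            if ($2 != "-" && $2 != "ACCEPT") {
                print table ": " substr($1, 2) " policy is " $2
                bad = 1
            }
            next
        }
        /^-A / { print table ": rule present: " $0; bad = 1 }
        END    { exit bad }
    '
}

# Constructed sample: the state the reset script should leave behind.
SAMPLE_OPEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: a host that is still filtering.
SAMPLE_FILTERING='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

for sample in "$SAMPLE_OPEN" "$SAMPLE_FILTERING"; do
    if printf '%s\n' "$sample" | check_open; then
        echo "=> no iptables filtering configured"
    else
        echo "=> filtering is still configured"
    fi
done

# On the live host (as root), check both address families:
#   iptables-save | check_open && ip6tables-save | check_open
```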