Uninstall cleanup firewalld / iptables

Hey all, really enjoying Bitwarden - I liked it so much at work I'm standing one up for my personal use :slight_smile:

For a work test instance - I installed OK, we like it, going to use it - now I've uninstalled the test from this Oracle Linux 7.9 server, but some other services are now having issues - just tracked down to firewalld / iptables.

Before Bitwarden, the existing services worked on port 80 (apache/nagios). After ./bitwarden.sh uninstall and a restart, Nagios will not work unless I turn off firewalld or run iptables -F. Is there any way to clean up iptables so it is back to how it was before Bitwarden?


# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
OUTPUT_direct all -- anywhere anywhere

Chain DOCKER (1 references)
target prot opt source destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (4 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (4 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (4 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:81 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination

Since there are chains with DOCKER in the name, I uninstalled Docker as it is not needed - those went away, but the issue with the existing service on port 80 remains.


Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (4 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (4 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (4 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:81 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination

firewalld / iptables are so arcane - unless you live with them, it's hard to understand much more than opening a port for a service.

I've tried iptables -F, -X, -Z, which clears the rules and restores access, but as soon as you restart firewalld, they're back! I've looked in /etc/sysconfig/iptables-config and /etc/firewalld/, have been googling all afternoon, and even have access to Red Hat documentation - nothing obvious about resetting the firewall iptables rules back to the defaults from before Bitwarden. I'm sure it is insanely easy, but I just cannot find it.
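Added example, not part of the original post and not Bitwarden's or firewalld's own code. The `iptables -F/-X/-Z` rules come back on restart because firewalld regenerates them from its own persistent configuration under /etc/firewalld (local overrides of the distribution defaults in /usr/lib/firewalld), so the cleanup has to happen on the firewalld side. The script below first parses an `iptables -L` listing in the format pasted above (a constructed, abbreviated sample is embedded) to show which ports the public zone's allow chain actually accepts and how many interfaces are bound to that zone (each one is a `[goto]` jump in INPUT_ZONES, so leftover docker0 / br-* bridges are visible there). It then, only where `firewall-cmd` exists, audits runtime vs permanent zone state and direct rules, and offers a backup-then-reset to defaults. The function names, the `SAMPLE` text and the `FW_APPLY=1` guard are this example's own conventions; the reset function assumes root and must be run deliberately.

```shell
#!/bin/sh
# Constructed sample in the `iptables -L` format from the post (abbreviated).
SAMPLE='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
INPUT_ZONES all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:81 ctstate NEW,UNTRACKED'

# Print the rules of one chain: the lines after "Chain NAME ..." up to the
# next blank line, without the "target prot opt ..." header.
chain_rules() {  # $1 = listing text, $2 = chain name
  printf '%s\n' "$1" | awk -v c="$2" '
    $1 == "Chain" { inchain = ($2 == c); next }
    inchain && /^target / { next }
    inchain && NF == 0 { inchain = 0 }
    inchain { print }'
}

# Destination ports ACCEPTed in a zone's allow chain (IN_<zone>_allow), one per line.
allowed_ports() {  # $1 = listing text, $2 = zone name, e.g. public
  chain_rules "$1" "IN_${2}_allow" | awk '
    $1 == "ACCEPT" {
      for (i = 1; i <= NF; i++) if ($i ~ /^dpt:/) { sub(/^dpt:/, "", $i); print $i }
    }'
}

# Number of interfaces bound to a zone: firewalld emits one "[goto] IN_<zone>"
# rule in INPUT_ZONES per interface, so a count above what you expect means
# stale bridges (docker0, br-*) are still attached to the zone.
zone_iface_count() {  # $1 = listing text, $2 = zone name
  chain_rules "$1" "INPUT_ZONES" | awk -v z="IN_$2" \
    '$1 == z && $NF == "[goto]" { n++ } END { print n + 0 }'
}

# Live audit; runs only where firewall-cmd is installed (assumes root).
firewalld_audit() {
  command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found; skipping live audit"; return 0; }
  echo "== public zone: runtime, then permanent (interfaces: line shows bound bridges) =="
  firewall-cmd --zone=public --list-all
  firewall-cmd --permanent --zone=public --list-all
  echo "== interfaces per zone =="
  firewall-cmd --get-active-zones
  echo "== direct rules (what feeds the INPUT_direct / FORWARD_direct chains) =="
  firewall-cmd --direct --get-all-rules
}

# Reset to distribution defaults: back up /etc/firewalld, drop the local zone
# and direct-rule overrides so firewalld falls back to /usr/lib/firewalld,
# reload, then re-add the services this host needs. Dry run unless FW_APPLY=1.
firewalld_reset_to_defaults() {
  [ "${FW_APPLY:-0}" = 1 ] || { echo "dry run: set FW_APPLY=1 to apply the reset"; return 0; }
  stamp=$(date +%Y%m%d%H%M%S)
  tar -C /etc -czf "/root/firewalld-backup-$stamp.tgz" firewalld   # rollback copy
  rm -f /etc/firewalld/zones/*.xml /etc/firewalld/direct.xml      # overrides only; defaults untouched
  firewall-cmd --complete-reload
  # Re-add what the pre-Bitwarden listing allowed (adjust to your host): the
  # post's IN_public_allow showed ssh, http, nrpe, webcache and 81.
  firewall-cmd --permanent --add-service=http
  firewall-cmd --permanent --add-port=81/tcp
  firewall-cmd --reload
}

echo "ports accepted in public zone (sample): $(allowed_ports "$SAMPLE" public | tr '\n' ' ')"
echo "interfaces bound to public zone (sample): $(zone_iface_count "$SAMPLE" public)"
firewalld_audit
```

Run it as-is to see the parsed sample and the live audit; point `chain_rules`/`allowed_ports` at `"$(iptables -L)"` instead of `$SAMPLE` on the real host. The reset is intentionally gated behind `FW_APPLY=1` and keeps a tarball of /etc/firewalld, so the previous state can be restored by extracting it back and running `firewall-cmd --complete-reload`.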