How to Delete Iptables Rules

Iptables is a firewall in Linux that allows you to control incoming and outgoing traffic. It consists of a set of rules and rule chains that are used by the operating system to block or allow traffic. Sometimes you may need to delete one or more rules in iptables. In this article, we will learn how to delete iptables rules.


How to Delete Iptables Rules

Here are the different ways to delete or remove existing iptables rules. First we will look at the different ways to list existing iptables rules, since we need to be able to clearly identify which rules are to be deleted before we can specify them.

Open terminal and run the following command to list all active iptables rules.

$ sudo iptables -S

If you want to list a specific rule chain such as INPUT, OUTPUT, TCP, etc., mention the chain name after the -S option. Here is an example to view the rules in the TCP chain.

$ sudo iptables -S TCP

Here is the typical output you will see.

-N TCP
-A TCP -p tcp -m tcp --dport 22 -j ACCEPT

You can also view all iptables rules as a table, with the following command.

$ sudo iptables -L

If you want to view only the INPUT chain rules, you can specify the chain name after the -L option in iptables.

$ sudo iptables -L INPUT

Here is the typical output you see.

Output
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
UDP        udp  --  anywhere             anywhere             ctstate NEW
TCP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
ICMP       icmp --  anywhere             anywhere             ctstate NEW
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable

Here is what the different columns in the above output mean:

  • target: If a packet matches the rule, the target specifies what should be done with it: whether it should be accepted, dropped, logged, or sent to another chain
  • prot: protocol such as tcp, udp, icmp, or all
  • opt: Rarely used, this column indicates IP options
  • source: Source IP address or subnet of the traffic, or anywhere
  • destination: Destination IP address or subnet of the traffic, or anywhere

Now that we have seen different ways to view iptables rules, let us learn how to delete them.


Delete Rules by Specification

You can easily delete iptables rules using the -D option followed by the rule specification, which must match the rule exactly as it was added. Here is an example to delete the rule that drops invalid incoming packets.

$ sudo iptables -D INPUT -m conntrack --ctstate INVALID -j DROP


Delete Rules by Chain & Number

Each iptables rule has a position within its chain known as its line number. You can also delete iptables rules by mentioning the chain and line number. You can view each rule's line number with the following command.

$ sudo iptables -L --line-numbers

Output
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  anywhere             anywhere
3    DROP       all  --  anywhere             anywhere             ctstate INVALID
4    UDP        udp  --  anywhere             anywhere             ctstate NEW
5    TCP        tcp  --  anywhere             anywhere             tcp 
...

Once you have the line number of a rule, you can mention it in the iptables command. Here is an example to delete the rule with line number 3 in the INPUT chain.

$ sudo iptables -D INPUT 3

Please note, each rule chain has its own separate line numbers, so you need to note both the chain name and the line number to be able to delete a rule. Line numbers are also renumbered after every deletion, so when deleting several rules from one chain, delete from the highest number downward or list the chain again before each deletion.

This method is very useful in deleting individual iptables rules.
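As an added example that is not part of the original article: a small POSIX shell function that takes the kind of `iptables -L --line-numbers` output shown above (a constructed sample is embedded so it runs offline) together with a pattern, and prints the `iptables -D CHAIN NUM` commands needed to remove every matching rule, highest line number first, so that earlier deletions do not shift the numbers of the rules still to be deleted. `SAMPLE_RULES` and `delete_cmds` are names chosen here, not iptables options.

```shell
#!/bin/sh
# Added example: build "iptables -D CHAIN NUM" commands from
# `iptables -L --line-numbers` output, highest number first per chain,
# so each deletion leaves the remaining line numbers unchanged.

# Constructed sample of `sudo iptables -L --line-numbers` output.
SAMPLE_RULES='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  anywhere             anywhere
3    DROP       all  --  anywhere             anywhere             ctstate INVALID
4    UDP        udp  --  anywhere             anywhere             ctstate NEW
5    TCP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW

Chain TCP (1 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
'

# delete_cmds PATTERN
# Prints one "iptables -D CHAIN NUM" line for every rule whose text matches
# PATTERN (an awk regular expression), sorted by chain and then by
# descending line number.  Nothing is executed; review the output first.
delete_cmds() {
    printf '%s\n' "$SAMPLE_RULES" | awk -v pat="$1" '
        /^Chain / { chain = $2; next }     # remember the chain we are in
        /^num / || NF == 0 { next }        # skip header and blank lines
        $0 ~ pat { print chain, $1 }       # emit "CHAIN NUM" for a match
    ' | sort -k1,1 -k2,2nr | awk '{ print "iptables -D " $1 " " $2 }'
}

# Example: commands to remove every rule that matches new-connection state.
delete_cmds 'ctstate NEW'
```

Only pipe the printed commands into `sudo sh` after checking them, since with an INPUT policy of DROP, removing the wrong rule can cut off your own SSH session.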


Flush Iptables Chain

You can also delete all rules in a chain, which is known as flushing the chain. To flush a chain, use the -F or --flush option. Here is an example command to delete all rules in the INPUT chain.

$ sudo iptables -F INPUT

If you want to flush all chains, that is, delete all firewall rules on your system, use the following command. You need to mention the -F or --flush option by itself, without any chain name.

$ sudo iptables -F

Please be very careful before you flush all chains in iptables: flushing removes the rule that allows your SSH connection, and if the chain's default policy is DROP you will be locked out and may not be able to get access again.

In this article, we have learnt different ways to list iptables rules, as well as how to delete single or multiple rules in Linux.
