Delete Single Rule from IPTABLES


There are multiple ways to remove a single rule from iptables; I will cover two of them here.

First, list all the existing chains and the rules in them. Without -t this shows the default filter table; for another table add -t (for example -t nat) to this and to every command that follows.

[root@gagan ~]# /sbin/iptables -L -n -v

The output will vary depending on the rules that you have; I don't want to put my actual server rules here!

Now, let's assume the output looks something like this for chain INPUT:

Chain INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  !lo    *       192.168.1.55         0.0.0.0/0
    0     0 DROP       all  --  !lo    *       192.115.148.115      0.0.0.0/0
    0     0 DROP       all  --  !lo    *       10.33.19.55          0.0.0.0/0
    0     0 DROP       all  --  !lo    *       172.20.170.45        0.0.0.0/0
    0     0 DROP       all  --  !lo    *       10.0.1.249           0.0.0.0/0

Now I want to remove the rule for the source IP 10.33.19.55, which is the following rule:

    0     0 DROP       all  --  !lo    *       10.33.19.55          0.0.0.0/0

The following two sections show how I can remove it.

Delete Single Rule from IPTABLES – Using the rule specification

Now that I know the rule and the CHAIN from which I have to remove it, I can use the -D flag of IPTABLES and repeat the rule's specification. The specification must match the existing rule exactly, otherwise iptables answers "Bad rule (does a matching rule exist in that chain?)". In the listing above the "in" column shows !lo, so the rule was added with "! -i lo" and that match has to be part of the delete command as well:

[root@gagan ~]# /sbin/iptables -D INPUT ! -i lo -s 10.33.19.55 -j DROP

-p all is the default and can be given or left out; it matches a rule that was added without a protocol. If you are not sure of the exact specification, iptables -S INPUT prints every rule of the chain as an -A command, and everything after "-A INPUT" can be pasted directly after "-D INPUT". Note that -D removes only the first rule that matches the specification; if the same rule is present twice, run the command twice.

The above is one of the methods that you can use to remove/delete single rule from iptables.

But there is another method which is easier to use.

Delete Single Rule from IPTABLES – Easier way

First list the rules with their rule numbers in the chain. This is done with the --line-numbers flag together with -L in IPTABLES:

[root@gagan ~]# /sbin/iptables -L -n -v --line-numbers

The output should be something like:

num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  !lo    *       192.168.1.55         0.0.0.0/0
2        0     0 DROP       all  --  !lo    *       192.115.148.115      0.0.0.0/0
3        0     0 DROP       all  --  !lo    *       10.33.19.55          0.0.0.0/0
4        0     0 DROP       all  --  !lo    *       172.20.170.45        0.0.0.0/0
5        0     0 DROP       all  --  !lo    *       10.0.1.249           0.0.0.0/0

The rule I want to remove is number 3, so I use the following syntax:

/sbin/iptables -D CHAIN_NAME RULE_NUM

In this case the command is:

/sbin/iptables -D INPUT 3

Keep in mind that the rules are renumbered as soon as one is deleted: after removing rule 3, the old rule 4 becomes rule 3. If you need to delete several rules by number, either re-run the listing between deletions or delete from the highest number down to the lowest. Rule numbers are also per table, so for a chain in another table add -t (for example -t nat) to both the listing and the delete command.
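As an added example (my own helper, not code from the original post), the following shell function reads the output of iptables -L CHAIN -n -v --line-numbers and prints the matching iptables -D commands for a given source address, highest rule number first, so the deletions can be run in that order without renumbering breaking them. The listing it runs against is constructed from the page's example with an extra duplicate rule for 10.33.19.55 added as rule 6; the function name delete_cmds and the column positions it parses are my assumptions about the -L -n -v output format.

```shell
#!/bin/sh
# Added example: compute "iptables -D" commands for every rule in a chain whose
# source column equals a given address, emitting the highest rule number first.
# (Helper and sample data are constructed for this page, not the post's own code.)

# Constructed listing modelled on the page's "iptables -L INPUT -n -v --line-numbers"
# output, with a duplicate rule for 10.33.19.55 added as rule 6 to show the
# renumbering problem: deleting 3 first would turn the old rule 6 into rule 5.
SAMPLE_LISTING='Chain INPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  !lo    *       192.168.1.55         0.0.0.0/0
2        0     0 DROP       all  --  !lo    *       192.115.148.115      0.0.0.0/0
3        0     0 DROP       all  --  !lo    *       10.33.19.55          0.0.0.0/0
4        0     0 DROP       all  --  !lo    *       172.20.170.45        0.0.0.0/0
5        0     0 DROP       all  --  !lo    *       10.0.1.249           0.0.0.0/0
6        0     0 DROP       all  --  !lo    *       10.33.19.55          0.0.0.0/0'

# delete_cmds CHAIN SOURCE_IP  (listing on stdin)
# Prints one "/sbin/iptables -D CHAIN N" line per rule whose source column is
# SOURCE_IP, in descending order of N, so each command still points at the
# intended rule after the previous one has been deleted.
delete_cmds() {
    chain=$1
    src=$2
    awk -v chain="$chain" -v src="$src" '
        BEGIN { n = 0 }
        # Skip the "Chain ..." header and the column-header line.
        /^Chain / || /^num / { next }
        # Field layout of -L -n -v --line-numbers (assumed fixed here):
        #   1=num 2=pkts 3=bytes 4=target 5=prot 6=opt 7=in 8=out 9=source 10=destination
        # Extra match text (e.g. "tcp dpt:22") only appears after field 10.
        $9 == src { nums[++n] = $1 }
        END {
            for (i = n; i >= 1; i--)
                printf "/sbin/iptables -D %s %s\n", chain, nums[i]
        }
    '
}

# Stand-alone run against the constructed listing; prints:
#   /sbin/iptables -D INPUT 6
#   /sbin/iptables -D INPUT 3
printf '%s\n' "$SAMPLE_LISTING" | delete_cmds INPUT 10.33.19.55
```

On a real system you would feed it the live listing, review the printed commands, and only then execute them as root, for example: /sbin/iptables -L INPUT -n -v --line-numbers | delete_cmds INPUT 10.33.19.55 | sh. Matching on the source column alone is deliberate for this page's scenario; if the chain also contains rules for that address with different targets or ports, check the printed commands against the listing before running them.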

Save the rules if you want the changes to be permanent. iptables-save by itself only prints the running rule set to standard output, so redirect it into the file your distribution loads at boot (/etc/sysconfig/iptables on RHEL/CentOS, which is the file the init script below writes):

[root@gagan ~]# /sbin/iptables-save > /etc/sysconfig/iptables

OR

[root@gagan ~]# /etc/init.d/iptables save
