iptables is the classic Linux firewall utility and is installed by default on most distributions (newer releases often ship it as a front end to nftables, but the commands below are the same). It is used to set up, maintain and inspect the tables of packet-filter rules in the Linux kernel.
Rules that are no longer required, or that were added by mistake, need to be removed. This tutorial covers the different ways to list and delete iptables rules.
Running iptables commands requires root privileges (or sudo).
To list (view) all rules in iptables
To list all rules in all chains of the default filter table (INPUT, OUTPUT and FORWARD), use the --list (-L) option.
Check the iptables list syntax:
$ sudo iptables --list or $ sudo iptables -L
-L without -t shows only the filter table; add -t nat, -t mangle or -t raw for the other tables. Add -n to skip reverse DNS lookups (faster, and it shows raw addresses and port numbers), -v to show packet counters and interfaces, and --line-numbers to number the rules. iptables -S prints the same rules in the rule-specification form that the -D option expects.
Below is sample output showing all chains with no rules:
# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Here is another example with one rule in the OUTPUT chain, which drops outgoing ICMP echo requests (ping):
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere             icmp echo-request
Delete All iptables rules (All chains)
To delete all rules in every chain of a table, use the --flush option. Let us check how to use --flush in this section.
Be careful when deleting all rules: -F removes the rules but does not change chain policies, so if the INPUT chain's default policy is DROP, flushing removes the rule that allows your ssh session and locks you out. If you are connected remotely, set the INPUT policy to ACCEPT with the -P option before flushing. If you do lock yourself out, the only option is to regain access via the console.
The following command flushes all chains of the filter table:
$ sudo iptables --flush or $ sudo iptables -F
After this command the filter table has no rules left. Chain policies and user-defined chains remain (-X deletes a user-defined chain once it is empty), and the nat, mangle and raw tables are untouched unless you flush them explicitly with -t. You can verify the result with the iptables --list command.
Delete Specific Chain
To empty a specific chain, use --flush followed by the chain name. Note that this removes the chain's rules, not the chain itself: the built-in chains (INPUT, OUTPUT, FORWARD and so on) cannot be deleted, and a user-defined chain is deleted with -X once it is empty and no rule jumps to it. Let's check an example that removes every rule from the OUTPUT chain.
The following command deletes all rules in the OUTPUT chain:
$ sudo iptables -F OUTPUT
How to delete a specific rule inside a chain
It is possible to delete a specific rule inside a chain. There are two options: delete by rule match or by rule number.
Delete by rule match
The following command deletes a rule in the INPUT chain by specifying it exactly as it was added (same interface, protocol, port, target and any other matches; iptables -S shows each rule in this form):
$ sudo iptables -D INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-D removes only the first rule that matches, so if the same rule was added twice, run the command again. The -C option with the same specification returns success if such a rule still exists and an error otherwise, which is a convenient check before and after the deletion.
Delete by specified rule number
To delete a rule by number, first list the chain with --line-numbers (iptables -L INPUT --line-numbers).
Below is an example showing the line numbers for rules in the INPUT chain:
$ sudo iptables -L INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
.
.
.
Now that we have the rule number, let's delete the second rule:
$ sudo iptables -D INPUT 2
Rules are renumbered immediately: after deleting rule 2, the old rule 3 becomes rule 2. When deleting several rules by number, delete from the highest number to the lowest, or re-list the chain after each deletion.
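The renumbering pitfall above is easy to get wrong by hand, so here is an added example (not code from the original tutorial) that deletes every rule in a chain matching a pattern, by number, highest number first. It assumes iptables is in PATH and runs as root; the DRY_RUN variable, the function names and the sample listing are all assumptions for illustration, not part of the page.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: delete every rule in a
# chain that matches a pattern, by rule number, highest number first.
# Deleting rule 2 renumbers rules 3..N, so deleting in ascending order would
# skip or hit the wrong rules; descending order keeps the numbers valid.
# Assumptions (not from the page): iptables is in PATH and run as root;
# DRY_RUN=1 prints the delete commands instead of executing them.

IPT="${IPT:-iptables}"

# plan_deletions CHAIN PATTERN [TABLE]: read "iptables -L CHAIN --line-numbers -n"
# output on stdin and print one delete command per matching rule, highest
# rule number first. The first two lines (chain header, column header) are
# skipped; PATTERN is an awk regular expression.
plan_deletions() {
    chain="$1"; pat="$2"; table="${3:-filter}"
    awk -v pat="$pat" 'NR > 2 && $0 ~ pat { print $1 }' | sort -rn |
    while read -r num; do
        printf '%s -t %s -D %s %s\n' "$IPT" "$table" "$chain" "$num"
    done
}

# delete_matching CHAIN PATTERN [TABLE]: list the live chain, plan, then
# execute (or, with DRY_RUN=1, print) each deletion.
delete_matching() {
    "$IPT" -t "${3:-filter}" -L "$1" --line-numbers -n |
        plan_deletions "$1" "$2" "${3:-filter}" |
        while read -r cmd; do
            if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$cmd"; else $cmd; fi
        done
}

# Constructed sample listing (not captured from a real host), in the format
# "iptables -L INPUT --line-numbers -n" prints.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3    ACCEPT     tcp  --  203.0.113.0/24       0.0.0.0/0            tcp dpt:22
4    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80'

# Preview against the sample: prints "-D INPUT 4" before "-D INPUT 3".
# Usage on a live host: DRY_RUN=1 delete_matching INPUT 'dpt:22'   (preview)
#                       delete_matching INPUT 'dpt:22'             (apply)
printf '%s\n' "$SAMPLE_LISTING" | plan_deletions INPUT 'dpt:22'
```

Because the plan is computed from one listing and then applied top-down, no rule is deleted by a number that has already shifted. Use -n in the listing, as the function does, so that port numbers appear as numbers rather than service names and the pattern matches what you expect.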
Let's check one practical example: to delete all nat rules, use the commands below. The nat table is not touched by a plain iptables -F, so -t nat is required.
List all nat rules
$ sudo iptables -L -t nat -v
Delete all nat rules (-v prints each chain as it is flushed)
$ sudo iptables -F -t nat -v
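The flush section above warns that -F can drop your ssh session and only touches one table, and the nat example shows that other tables need their own flush. The following added script (not code from the original tutorial) puts those points together: it backs up the ruleset, sets every built-in chain policy to ACCEPT before flushing, and then flushes the filter, nat, mangle and raw tables. It assumes iptables and iptables-save are in PATH and that it runs as root; the DRY_RUN variable, the backup path and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: reset every iptables
# table without locking yourself out, keeping a backup first.
# Assumptions (not from the page): iptables and iptables-save are in PATH,
# you are root, and DRY_RUN=1 means "print the commands, do not run them".

IPT="${IPT:-iptables}"
BACKUP="${BACKUP:-/root/iptables-$(date +%Y%m%d-%H%M%S).rules}"

# run: execute a command, or print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# reset_table TABLE CHAIN...: set every built-in chain policy to ACCEPT
# *before* flushing, then flush rules (-F), delete user-defined chains (-X)
# and zero counters (-Z). Flushing a chain whose policy is DROP would cut
# your ssh session; policy first, flush second avoids that.
reset_table() {
    table="$1"; shift
    for chain in "$@"; do
        run "$IPT" -t "$table" -P "$chain" ACCEPT
    done
    run "$IPT" -t "$table" -F
    run "$IPT" -t "$table" -X
    run "$IPT" -t "$table" -Z
}

# reset_all: back up the live ruleset, then reset the four standard tables.
# A plain "iptables -F" touches only the filter table; nat, mangle and raw
# keep their rules unless flushed explicitly.
reset_all() {
    if [ "${DRY_RUN:-0}" != "1" ]; then
        iptables-save > "$BACKUP" || return 1
        echo "backup written to $BACKUP (restore with: iptables-restore < $BACKUP)"
    fi
    reset_table filter INPUT FORWARD OUTPUT
    reset_table nat    PREROUTING INPUT OUTPUT POSTROUTING
    reset_table mangle PREROUTING INPUT FORWARD OUTPUT POSTROUTING
    reset_table raw    PREROUTING OUTPUT
}

# Usage: DRY_RUN=1 sh reset-iptables.sh run   (preview the commands)
#        sudo sh reset-iptables.sh run         (apply)
case "${1:-}" in
    run) reset_all ;;
esac
```

Preview with DRY_RUN=1 first: the printed list should start with the three -P ... ACCEPT lines for the filter table, followed by -F, which is the order that keeps a remote session alive. The backup file written by iptables-save can be fed back with iptables-restore if the reset turns out to be a mistake.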
Be cautious before removing iptables rules, and take a backup first: iptables-save writes the full ruleset of every table to standard output, and iptables-restore reads it back, so saving that output to a file before you delete anything gives you a one-command way to undo a mistake. I hope you enjoyed reading; suggestions are welcome in the comment section below.