Feb 09 2007
13 Comments
By Major Hayden

Delete single iptables rules

You can delete them based on what they’re doing:

iptables -D INPUT -s 127.0.0.1 -p tcp --dport 111 -j ACCEPT

Or you can delete them based on their number and chain name:

iptables -D INPUT 4
Tagged ,

13 thoughts on “Delete single iptables rules

  1. jj says:
    March 10, 2011 at 5:15 pm

    where do you find the chain number and name?

  2. robotslacker says:
    March 26, 2011 at 7:57 am

    @ij:

    The number is the row number of the item when you list them using:

    iptables –list

  3. Major Hayden says:
    August 5, 2011 at 11:48 pm

    ij: Try iptables -vnL –line-numbers

  4. klovn says:
    August 17, 2011 at 2:28 pm

    THANKS! saved me alot of time :)

  5. Techy says:
    August 30, 2011 at 3:28 am

    Hi,

    Thanks for sharing your knowledge. I wish you all the very best in all your endeavours.
    By the way, I like your simplicity and versatalileness.

    I am also a system admin but mostly jack of all master of none kinda thing.

    warm regards,
    Raghu

  6. LV says:
    October 15, 2011 at 12:18 am

    Thank you for the post.

    I have a question, do you think it’s possible to create a list where many IP addresses can be entered and the rule above checks the list or do I have to add each IP address individually.

    I hope my question makes sense.

  7. noahrama says:
    January 12, 2012 at 10:24 am

    This is the best way to view chain numbers

    iptables -L INPUT –line-numbers

    you can also substitute with OUTPUT etc

  8. Price says:
    October 5, 2012 at 11:27 am

    Thanks for the Trick This helps me alot

  9. Azman says:
    December 13, 2012 at 5:07 am

    And you have to use “-t nat” if your rule was configured for nat.

    example:
    sudo iptables -t nat -A OUTPUT -p tcp –dport 80 -j DNAT –to-destination 1.1.1.1:5555

    sudo iptables -t nat -D OUTPUT 1

  10. Mukesh Tilwani says:
    March 9, 2013 at 4:26 am

    After deleting a rule, when i restart iptables that rule come again….please suggest

  11. Major Hayden says:
    March 10, 2013 at 4:40 pm

    Mukesh,

    You’ll probably need to save your rules to a file first. If you’re on Red Hat or CentOS, just use “service iptables save”.

  12. computer security learning says:
    March 15, 2013 at 3:02 pm

    Thanks. Straight to the point and it Works.

  13. Sumanta says:
    April 25, 2013 at 2:26 am

    Hi All,

    I am creating a static nat rule in iptables using the command

    iptables -t nat -I POSTROUTING 1 -j SNAT -p ip -s 1.1.1.10/32 –to-source 2.2.2.30-2.2.2.30 -o eth2

    After executing the above command i am able to observe the source translation happening and also it is listed in the iptables nat list.

    After I remove the rule by executing the below command

    iptables -t nat -D POSTROUTING -j SNAT -p ip -s 1.1.1.10/32 –to-source 2.2.2.30-2.2.2.30 -o eth2

    The entry in the iptables nat is deleted, but i am still able to observe the source translation happening from 1.1.1.10 to 2.2.2.30.

    Please suggest what i need to do to delete the entry completely from the nat table or did i missed something.

    Thanks in advance.
    Regards,
    Sumanta.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>