1. Techy says


    Thanks for sharing your knowledge. I wish you all the very best in all your endeavours.
    By the way, I like your simplicity and versatility.

    I am also a system admin, but mostly a jack of all trades, master of none kind of thing.

    warm regards,

  2. LV says

    Thank you for the post.

    I have a question: do you think it’s possible to create a list where many IP addresses can be entered and the rule above checks the list, or do I have to add each IP address individually?

    I hope my question makes sense.

  3. noahrama says

    This is the best way to view chain numbers:

    iptables -L INPUT --line-numbers

    You can also substitute OUTPUT etc.

  4. says

    And you have to use “-t nat” if your rule was configured for nat.

    sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination

    sudo iptables -t nat -D OUTPUT 1

  5. Mukesh Tilwani says

    After deleting a rule, when I restart iptables, that rule comes back again. Please suggest.

  6. Sumanta says

    Hi All,

    I am creating a static NAT rule in iptables using the command

    iptables -t nat -I POSTROUTING 1 -j SNAT -p ip -s --to-source -o eth2

    After executing the above command I am able to observe the source translation happening, and it is also listed in the iptables NAT list.

    After I remove the rule by executing the command below

    iptables -t nat -D POSTROUTING -j SNAT -p ip -s --to-source -o eth2

    the entry in the iptables NAT table is deleted, but I am still able to observe the source translation happening from to

    Please suggest what I need to do to delete the entry completely from the NAT table, or did I miss something?

    Thanks in advance.

  7. Matt says

    Hi All

    My iptables looks like this:

    target prot opt source destination
    ACCEPT tcp -- tcp dpt:143
    ACCEPT tcp -- tcp dpt:993
    ACCEPT tcp -- tcp dpt:465
    ACCEPT tcp -- tcp dpt:587
    ACCEPT tcp -- tcp dpt:2195
    ACCEPT tcp -- tcp dpt:8447
    ACCEPT tcp -- tcp dpt:25
    ACCEPT tcp -- tcp dpt:110
    ACCEPT tcp -- tcp dpt:443
    ACCEPT tcp -- tcp dpt:80
    ACCEPT tcp -- tcp dpt:8443
    ACCEPT icmp --
    ACCEPT all --
    ACCEPT tcp -- state NEW tcp dpt:22
    REJECT all -- reject-with icmp-host-prohibited
    DROP tcp -- tcp dpt:25

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT all -- reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    DROP tcp -- tcp dpt:25

    How do I remove the line
    ACCEPT tcp -- tcp dpt:25
    from the first chain? I’m a bit of a noob!



  8. hobeandor says

    @Matt
    Read the comments, it’s explained there…
    Just as a one-time bonus you can try this (according to the comments before me):

    if it’s the first line (as can be seen in your output)
    # iptables -D INPUT 1

  9. Paul Valdez says

    Hi. I have a task to add users’ workstation IPs to iptables and then remove them after they are done, without interruptions to service. I need to write a bash script to add/remove them. I am using RHEL 6. Can you give me some insight on how to accomplish this?

  10. Ahsan Yousuf says

    @Matt: you want to remove rule #7 from the INPUT chain, so your command would be:
    iptables -D INPUT 7

    Simple as that.

  11. sandeep says

    Good tutorial.
    In case the copy-paste doesn’t work for a few:

    cmd = iptables -vnL --line-numbers | grep "IP ADDRESS"

    iptables -D INPUT 225
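
The grep-for-an-IP-then-delete-by-number approach in the comment above, and the add/remove script Paul asks for, share one pitfall: rule numbers shift after every `iptables -D INPUT N`, so deleting several matches top-down removes the wrong rules. The script below is an added example, not from the tutorial or any commenter; it runs against a constructed `iptables -vnL INPUT --line-numbers` listing (no real host, no root needed), matches the source column exactly rather than via grep, and prints the delete commands from the highest number down.

```shell
#!/bin/sh
# Constructed sample of `iptables -vnL INPUT --line-numbers` output (not from a real host).
# Listing a single chain matters: with `-vnL --line-numbers` and no chain name, the
# numbering restarts in every chain, so a grep hit alone does not say which chain to use.
SAMPLE_INPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       10   600 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2       42  2520 DROP       all  --  *      *       203.0.113.5          0.0.0.0/0
3        7   420 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4        3   180 DROP       tcp  --  *      *       203.0.113.5          0.0.0.0/0            tcp dpt:25
5        0     0 DROP       all  --  *      *       198.51.100.9         0.0.0.0/0'

# rule_numbers_for_source LISTING IP
# Prints the rule numbers whose source column (field 9 of the -v listing) is exactly IP,
# highest number first: after `iptables -D INPUT N` every rule below N moves up by one,
# so deleting from the bottom keeps the remaining numbers valid. An exact field match
# also avoids the grep pitfall where "203.0.113.5" matches "203.0.113.50" as well.
rule_numbers_for_source() {
    printf '%s\n' "$1" | awk -v ip="$2" 'NR > 2 && $9 == ip { print $1 }' | sort -rn
}

# delete_commands_for_source LISTING IP
# Emits one `iptables -D INPUT N` per matching rule, in safe (descending) order. The
# commands are printed rather than executed so they can be reviewed first; on a live host
# you would feed them to sh:
#   delete_commands_for_source "$(iptables -vnL INPUT --line-numbers)" 203.0.113.5 | sh
delete_commands_for_source() {
    for n in $(rule_numbers_for_source "$1" "$2"); do
        printf 'iptables -D INPUT %s\n' "$n"
    done
}

# Demonstration on the constructed listing: prints rule 4, then rule 2.
delete_commands_for_source "$SAMPLE_INPUT" 203.0.113.5
```

Deleting by exact rule specification (`iptables -D INPUT -s IP -j DROP`) sidesteps the renumbering problem entirely, but only removes one rule per call and requires knowing the full match, which is why the by-number route is common in scripts.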
