Comments

  1. Techy says

    Hi,

    Thanks for sharing your knowledge. I wish you all the very best in all your endeavours.
    By the way, I like your simplicity and versatility.

    I am also a system admin but mostly jack of all trades, master of none kinda thing.

    warm regards,
    Raghu

  2. LV says

    Thank you for the post.

    I have a question: do you think it’s possible to create a list where many IP addresses can be entered and the rule above checks the list, or do I have to add each IP address individually?

    I hope my question makes sense.

  3. noahrama says

    This is the best way to view chain numbers:

    iptables -L INPUT --line-numbers

    You can also substitute OUTPUT etc.

  4. says

    And you have to use “-t nat” if your rule was configured for nat.

    example:
    sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 1.1.1.1:5555

    sudo iptables -t nat -D OUTPUT 1

  5. Mukesh Tilwani says

    After deleting a rule, when I restart iptables that rule comes again... Please suggest.

  6. Sumanta says

    Hi All,

    I am creating a static NAT rule in iptables using the command

    iptables -t nat -I POSTROUTING 1 -j SNAT -p ip -s 1.1.1.10/32 --to-source 2.2.2.30-2.2.2.30 -o eth2

    After executing the above command I am able to observe the source translation happening and it is also listed in the iptables nat list.

    After I remove the rule by executing the below command

    iptables -t nat -D POSTROUTING -j SNAT -p ip -s 1.1.1.10/32 --to-source 2.2.2.30-2.2.2.30 -o eth2

    the entry in the iptables nat table is deleted, but I am still able to observe the source translation happening from 1.1.1.10 to 2.2.2.30.

    Please suggest what I need to do to delete the entry completely from the nat table, or did I miss something?

    Thanks in advance.
    Regards,
    Sumanta.

  7. Matt says

    Hi All

    My iptables looks like this:

    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2195
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8447
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
    DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

    How do I remove the line
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    from the first chain? I’m a bit of a noob!

    Thanks

    Matt

  8. hobeandor says

    @Matt
    Read the comments, it’s explained there...
    Just as a one-time bonus you can try this (according to the comments before me):

    if it’s the first line (as it can be seen in your output)
    # iptables -D ACCEPT 1

  9. Paul Valdez says

    Hi. I have a task to add users’ workstation IPs to the iptables and then remove them after they are done, without interruptions to service. I need to write a bash script to add/remove. I am using RHEL 6. Can you give me some insight on how to accomplish this?

  10. Ahsan Yousuf says

    @Matt: you want to remove rule #7 from the INPUT chain, so your command would be:
    iptables -D INPUT 7

    Simple as that.
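As an added example that is not part of this thread: a small shell helper that pulls the rule number out of `iptables -L INPUT -n --line-numbers` output (the listing is Matt's chain above, numbered here as a constructed sample) and prints the matching `iptables -D` commands, highest number first, so that deleting several rules does not shift the numbers of the ones still to be deleted.

```shell
#!/bin/sh
# Added helper, not part of the thread: find the rule number(s) of a rule
# in the text of `iptables -L <chain> -n --line-numbers`, so it can be
# removed with `iptables -D <chain> <num>` as in the answer above.
# Numbers are printed highest first: deleting a low-numbered rule renumbers
# everything after it, so multiple deletes must go from the bottom up.
rule_numbers() {
    listing=$1; target=$2; match=$3
    printf '%s\n' "$listing" | awk -v t="$target" -v m="$match" '
        # rule lines start with an integer; $2 is the target column
        $1 ~ /^[0-9]+$/ && $2 == t {
            # match must equal a whole field, so dpt:25 does not hit dpt:2195
            for (i = 3; i <= NF; i++) if ($i == m) { print $1; break }
        }' | sort -rn
}

# Print (do not run) the delete commands for every matching rule.
delete_commands() {
    chain=$1; listing=$2; target=$3; match=$4
    for n in $(rule_numbers "$listing" "$target" "$match"); do
        printf 'iptables -D %s %s\n' "$chain" "$n"
    done
}

# Constructed sample: the INPUT chain posted above, as -n --line-numbers
# would print it (the "num" column is added here for illustration).
SAMPLE_INPUT='Chain INPUT (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:143
2    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:993
3    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:465
4    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:587
5    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:2195
6    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:8447
7    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:25
8    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:110
9    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:443
10   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:80
11   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:8443
12   ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
13   ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0
14   ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
15   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
16   REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited
17   DROP    tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:25'

delete_commands INPUT "$SAMPLE_INPUT" ACCEPT dpt:25   # prints: iptables -D INPUT 7
```

Run it on the real listing by replacing the sample with `"$(iptables -L INPUT -n --line-numbers)"`, and review the printed commands before executing them.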
