1. Techy says


    Thanks for sharing your knowledge. I wish you all the very best in all your endeavours.
    By the way, I like your simplicity and versatalileness.

    I am also a system admin but mostly jack of all master of none kinda thing.

    warm regards,

  2. LV says

    Thank you for the post.

    I have a question, do you think it’s possible to create a list where many IP addresses can be entered and the rule above checks the list or do I have to add each IP address individually.

    I hope my question makes sense.

  3. noahrama says

    This is the best way to view chain numbers

    iptables -L INPUT –line-numbers

    you can also substitute with OUTPUT etc

  4. says

    And you have to use “-t nat” if your rule was configured for nat.

    sudo iptables -t nat -A OUTPUT -p tcp –dport 80 -j DNAT –to-destination

    sudo iptables -t nat -D OUTPUT 1

  5. Mukesh Tilwani says

    After deleting a rule, when i restart iptables that rule come again….please suggest

  6. Sumanta says

    Hi All,

    I am creating a static nat rule in iptables using the command

    iptables -t nat -I POSTROUTING 1 -j SNAT -p ip -s –to-source -o eth2

    After executing the above command i am able to observe the source translation happening and also it is listed in the iptables nat list.

    After I remove the rule by executing the below command

    iptables -t nat -D POSTROUTING -j SNAT -p ip -s –to-source -o eth2

    The entry in the iptables nat is deleted, but i am still able to observe the source translation happening from to

    Please suggest what i need to do to delete the entry completely from the nat table or did i missed something.

    Thanks in advance.

  7. Matt says

    Hi All

    My Iptables looks like this:

    target prot opt source destination
    ACCEPT tcp — tcp dpt:143
    ACCEPT tcp — tcp dpt:993
    ACCEPT tcp — tcp dpt:465
    ACCEPT tcp — tcp dpt:587
    ACCEPT tcp — tcp dpt:2195
    ACCEPT tcp — tcp dpt:8447
    ACCEPT tcp — tcp dpt:25
    ACCEPT tcp — tcp dpt:110
    ACCEPT tcp — tcp dpt:443
    ACCEPT tcp — tcp dpt:80
    ACCEPT tcp — tcp dpt:8443
    ACCEPT icmp —
    ACCEPT all —
    ACCEPT tcp — state NEW tcp dpt:22
    REJECT all — reject-with icmp-host-prohibited
    DROP tcp — tcp dpt:25

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT all — reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    DROP tcp — tcp dpt:25

    How do I remove the line
    ACCEPT tcp — tcp dpt:25
    from the first chain? I’m a bit of a noob!



  8. hobeandor says

    @ Matt
    read the comments, it’s explained there…
    just as a one time bonus You can try this (according to the comments before me):

    if it’s the first line (as it can be seen in your output)
    # iptables -D ACCEPT 1

  9. Paul Valdez says

    Hi. I have a task to add users workstations ip to the iptables and then remove them after they are done without interruptions to service. I need to write a bash script to add/remove. I am using RHEL 6.Can you give me some insight on how to accomplish this ?

  10. Ahsan Yousuf says

    @Matt: you want to remove rule # 7 from input CHAIN, so that your command would be.
    iptables -D INPUT 7

    Simple as that.

  11. sandeep says

    Good tutorial.
    Incase the copy paste doesn’t work for few.

    cmd = iptables -vnL –line-numbers | grep “IP ADDRESS”

    iptables -D INPUT 225

  12. says

    I’m trying to delete the rule created with this command:
    iptables -I INPUT -p tcp -m multiport –dports 80,443 -m set –match-set fail2ban-forum src -j REJECT –reject-with icmp-port-unreachable
    using this:
    iptables -D INPUT -p tcp -m multiport –dports 80,443 -m set –match-set fail2ban-forum src -j REJECT –reject-with icmp-port-unreachable
    but I get:
    iptables: No chain/target/match by that name.

    I can delete the rule by number, but I’m trying to automate the the delete and there is no way to determine the rule position.

    Any idea why this doesn’t work?

Leave a Reply

Your email address will not be published. Required fields are marked *