List and Delete Iptables Rules in Linux
Iptables, the built-in firewall for Linux systems, acts like a vigilant guard for your network traffic.
Using predefined rules, it meticulously examines each incoming, outgoing, and forwarded data packet.
- To list rules, use
iptables -L [chain name]
command to view the existing rules in the specified chain. - To delete rules, if you consider deleting by specifics, run
iptables -D [chain name] [rule specification]
and to remove all riles from the specific chain, useiptables -F [chain name]
(oriptables -F
) commands.
These rules determine whether to allow or block the traffic, safeguarding your system from unauthorized access.
You can also use iptables firewall to block a specific port In Linux Firewall and save/restore rules.
Prerequisites to List and Delete Iptables Rules in Linux
One of the main tools to dangers on your Linux systems is proficiency with Iptables rules. Before you jump in, ensure your PC meets the following:
- A Server running Linux VPS.
- A non-root user with
sudo
privileges. - Access to a terminal window/command line.
How to Install Iptables on Linux
In most Linux distributions, iptables is installed by default. Run the command below to verify the installation of iptables:
iptables --version
The version number must be shown by the command. Otherwise, use the below commands to install iptables on your considered distribution:
sudo apt install iptables
sudo apt install iptables-persistent
sudo systemctl enable netfilter-persistent
On RedHat-based Distributions:
sudo yum install iptables
sudo yum install iptables-services
sudo systemctl enable iptables
Essential Commands to Configure iptables Rules in Linux
It is possible to list all rules of the active iptables by specification.
To do this, run the iptables command as below:
sudo iptables -S
It prints rules as a list of specifications.
List iptables Rules in Linux
- To list only that chain’s rules, you need to specify the name of the chain:
sudo iptables -S OUTPUT
- To list a table with every iptables rule (view current rules), arranged according to chains, run:
sudo iptables -L
Three chains are used to sort the rules in the output: INPUT, FORWARD, and OUTPUT.
- To print the chain’s specific details, use the chain name together with the command:
sudo iptables -L INPUT
Displaying the chain name, default policy, target, protocol, IP option, source and destination IP addresses, and specifications in a table is one way to list rules.
- To print additional info such as the number of packets, run:
sudo iptables -L -v
- Also, you can use the
-L
and-v
arguments on a single chain:
sudo iptables -L INPUT -v
- If you need to reset iptables byte counters, you can reboot the system or run:
sudo iptables -Z
Delete iptables Rules in Linux
To delete iptables rules, you can use one of the below methods.
It depends on whether you prefer to delete rules based on specifications, chains, or numbers (straightforward way), or to flush the entire chain.
- To delete iptables Rules by Specifications, run:
sudo iptables -S
Then, you are ready to choose a rule to delete and copy/paste the specification into the command below:
sudo iptables -D [specification]
- To delete Rules by Chains and Numbers, you need to list iptables rules as a table and add the below argument:
sudo iptables -L --line-numbers
The output adds line numbers to each rule mentioned under each of the three chains (INPUT, FORWARD, and OUTPUT).
- Include the line number and the chain name to remove a particular rule:
sudo iptables -D [CHAIN] [LINE_NUMBER]
- To delete a chain and remove all of its rules, flush it with
-F
. Use-F
along with the chain name to flush a single chain.
For example, there are four rules in the OUTPUT chain:
To delete both iptables rules, you need to use the command below and flush the entire OUTPUT chain:
sudo iptables -F OUTPUT
- To remove all iptables rules and disables the firewall, you need to Flush all Chains.
Note that only when starting or resuming the firewall configuration should you follow this procedure:
To prevent being shut out via SSH, change the default policy for each built-in chain to ACCEPT with:
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
To flush all mangle tables and net tables, run:
sudo iptables -t mangle -F
sudo iptables -t nat -F
Run the command below to remove all non-default chains:
sudo iptables -X
To flush all chains, type:
sudo iptables -F
Finally, use the following command to verify that all chains are flushed:
sudo iptables -L --line-numbers
If a rule has become outdated or irrelevant, you can remove it with iptables. This fine-tuning ensures your Linux firewall remains effective while allowing legitimate traffic to flow smoothly.
Iptables Options
Common iptables options are shown in the table below:
Option | Description |
---|---|
-A --append | Append a rule to a chain. |
-C --check | Look for a rule that matches a chain. |
-D --delete | Remove a rule from a chain. |
-F --flush | Remove all rules. |
-L --list | Show all rules in a chain. |
-I --insert | Add a rule to a chain at the provided position. |
-N --new-chain | Create a new chain. |
-V --verbose | Show a more detailed output. |
-X --delete-chain | Delete a chain. |
How to check who is trying to get into the firewall?
To see who’s knocking at your network gates (incoming traffic), outgoing messages (outgoing traffic), or just passing through (forwarded traffic), you can use the sudo iptables -S
command.
This will display the logbook, revealing details like the “chain” (waiting area), “target” (allowed in or sent away), and even the “source” (who’s knocking).
How to delete an iptables rule?
With the rule number from the iptables -S
list in hand, use sudo iptables -D <chain> <rule_number>
to banish it.
Remember, deleting rules can affect your firewall, so be sure you understand what the rule does before giving it the boot!
Can I flush iptables rules?
It’s generally not recommended.
A complete firewall purge (flushing all rules) is like leaving your castle gates wide open!
To do so, you need to use sudo iptables -F <chain>
Remember to replace <chain>
with the specific chain to clear a particular chain. But remember, exercise extreme caution!
How to check rule statistics?
Unfortunately, iptables doesn’t keep a guest counter.
Some advanced tools can provide statistics on rule usage. However, for most users, understanding the rule format and using the iptables -S list
is sufficient for managing your digital castle’s traffic flow.
Conclusion
Listing all the existing rules with iptables helps to understand what traffic is currently permitted and what’s getting blocked.
Keep in mind that deleting rules can affect your firewall configuration.
Ensure you understand the rule before removing it to avoid blocking legitimate traffic.
By effectively listing and deleting iptables rules, you can maintain a strong defense against security threats while keeping your system connected to the world.