How to List and Delete Iptables Rules in Linux

List and Delete Iptables Rules in Linux

Iptables, the built-in firewall for Linux systems, acts like a vigilant guard for your network traffic.

Using predefined rules, it meticulously examines each incoming, outgoing, and forwarded data packet.

  • To list rules, run iptables -L [chain name] to view the existing rules in the specified chain.
  • To delete rules, either remove a single rule by its specification with iptables -D [chain name] [rule specification], or remove all rules from a chain with iptables -F [chain name] (or every chain with iptables -F).

These rules determine whether to allow or block the traffic, safeguarding your system from unauthorized access.

You can also use the iptables firewall to block a specific port in Linux and to save/restore rules.

Prerequisites to List and Delete Iptables Rules in Linux

Proficiency with iptables rules is one of your main tools for defending a Linux system against threats. Before you jump in, ensure your setup meets the following:

  • A server running Linux (for example, a VPS).
  • A non-root user with sudo privileges.
  • Access to a terminal window/command line.

How to Install Iptables on Linux

In most Linux distributions, iptables is installed by default. Run the command below to verify the installation of iptables:

iptables --version

The command should print the version number. If it does not, use the commands below to install iptables on your distribution:

On Debian and Ubuntu:

sudo apt install iptables

sudo apt install iptables-persistent

sudo systemctl enable netfilter-persistent

On RedHat-based Distributions:

sudo yum install iptables

sudo yum install iptables-services

sudo systemctl enable iptables

Essential Commands to Configure iptables Rules in Linux

You can list all active iptables rules as specifications, that is, in the same syntax used to add them.

To do this, run the iptables command as below:

sudo iptables -S

It prints rules as a list of specifications.

List iptables Rules in Linux

  • To list only a single chain’s rules, specify the name of the chain:
sudo iptables -S OUTPUT
  • To list every iptables rule as a table (the current rules), grouped by chain, run:
sudo iptables -L

In the output, the rules are grouped into three chains: INPUT, FORWARD, and OUTPUT.

  • To print the chain’s specific details, use the chain name together with the command:
sudo iptables -L INPUT

Listing rules this way displays a table with the chain name and its default policy, and for each rule the target, protocol, IP options, source and destination addresses, and any additional match specifications.

  • To print additional info such as the number of packets, run:
sudo iptables -L -v
  • Also, you can use the -L and -v arguments on a single chain:
sudo iptables -L INPUT -v
  • If you need to reset iptables byte counters, you can reboot the system or run:
sudo iptables -Z
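The -S output and the -L --line-numbers output describe the same rules: rules are printed in chain order, so the Nth -A line for a chain is rule number N of that chain. The following script, an added example that is not part of the original article, turns a saved iptables -S listing into numbered rules and looks up the line number of a given specification. The sample listing embedded in the script is constructed, and the function names (number_rules, rule_number) are the author's own choice.

```shell
#!/bin/sh
# Added example (not from the original article): map the rule specifications
# printed by `iptables -S` to the per-chain line numbers that
# `iptables -L --line-numbers` shows for the same rules.
# Rules appear in -S output in chain order, so the Nth "-A CHAIN" line is
# rule number N of that chain. The listing below is constructed sample data.

SAMPLE_S_OUTPUT='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT'

# number_rules: read `iptables -S` output on stdin and print
# "CHAIN NUMBER SPEC" for every -A line (policy lines are skipped).
number_rules() {
    awk '$1 == "-A" {
        chain = $2
        count[chain]++
        spec = ""
        for (i = 3; i <= NF; i++) spec = spec (i > 3 ? " " : "") $i
        print chain, count[chain], spec
    }'
}

# rule_number CHAIN SPEC: print the line number of SPEC within CHAIN,
# or print nothing and exit 1 if the rule is not present. Input on stdin.
rule_number() {
    chain="$1"; spec="$2"
    number_rules | awk -v c="$chain" -v s="$spec" '
        $1 == c {
            n = $2
            sub(/^[^ ]+ [^ ]+ /, "")
            if ($0 == s) { print n; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# The number printed is the one to pass to `iptables -D CHAIN NUMBER`.
# Re-run the listing after every deletion: numbers shift as rules go away.
printf '%s\n' "$SAMPLE_S_OUTPUT" | number_rules
printf '%s\n' "$SAMPLE_S_OUTPUT" | rule_number INPUT '-p tcp -m tcp --dport 22 -j ACCEPT'
```

On a live system, replace the sample with `sudo iptables -S | rule_number INPUT '...'`. Matching is exact, so copy the specification as -S prints it (including the -m tcp module that iptables adds for --dport).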

Delete iptables Rules in Linux

To delete iptables rules, you can use one of the methods below.

Which one to choose depends on whether you prefer to delete a rule by its specification, by chain and line number (the most straightforward way), or to flush an entire chain.

  • To delete iptables rules by specification, first list them:
sudo iptables -S

Then, you are ready to choose a rule to delete and copy/paste the specification into the command below:

sudo iptables -D [specification]
  • To delete rules by chain and line number, list the rules as a table with the argument below added:
sudo iptables -L --line-numbers

The output adds line numbers to each rule mentioned under each of the three chains (INPUT, FORWARD, and OUTPUT).

  • Include the chain name and the line number to remove a particular rule:
sudo iptables -D [CHAIN] [LINE_NUMBER]
  • To remove all of a chain’s rules at once, flush it with -F. Use -F together with the chain name to flush a single chain.

For example, suppose there are four rules in the OUTPUT chain.

To delete all of these rules at once, use the command below and flush the entire OUTPUT chain:

sudo iptables -F OUTPUT
  • To remove all iptables rules and disable the firewall, flush all chains.

Follow this procedure only when you are starting over or resetting the firewall configuration:

To avoid locking yourself out of an SSH session, first change the default policy of each built-in chain to ACCEPT with:

sudo iptables -P INPUT ACCEPT

sudo iptables -P FORWARD ACCEPT

sudo iptables -P OUTPUT ACCEPT

To flush the mangle and nat tables, run:

sudo iptables -t mangle -F

sudo iptables -t nat -F

Run the command below to remove all non-default chains:

sudo iptables -X

To flush all chains, type:

sudo iptables -F

Finally, use the following command to verify that all chains are flushed:

sudo iptables -L --line-numbers
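The two deletion methods above, deleting by specification and flushing everything, both have a practical wrinkle: iptables -D fails when the rule is not present, a rule that was appended twice survives a single -D, and the reset only stays safe if the ACCEPT policies are set before anything is flushed. The script below is an added example, not part of the original article, that wraps both procedures in functions. The IPTABLES variable is a hypothetical override (defaulting to the real iptables binary, which needs root) so the functions can be exercised against a stub; the function names are the author's own.

```shell
#!/bin/sh
# Added example (not from the original article): helpers for the deletion
# procedures described above.
#  - delete_rule removes a rule by specification only after `iptables -C`
#    confirms it exists, and repeats until duplicate copies are gone.
#  - reset_firewall runs the full flush in a safe order: policies to ACCEPT
#    first (so a remote SSH session is not cut off), then flush mangle and
#    nat, flush the filter chains, and finally delete user-defined chains
#    (iptables -X only deletes chains that are already empty).
# IPTABLES is a hypothetical override so the functions can be tested
# against a stub instead of the real binary, which needs root.
IPTABLES="${IPTABLES:-iptables}"

# rule_present CHAIN SPEC...: exit 0 if the exact rule exists in CHAIN.
rule_present() {
    chain="$1"; shift
    "$IPTABLES" -C "$chain" "$@" 2>/dev/null
}

# delete_rule CHAIN SPEC...: remove every copy of the rule and print the
# number of copies deleted (0 if the rule was not present).
delete_rule() {
    chain="$1"; shift
    deleted=0
    while rule_present "$chain" "$@"; do
        "$IPTABLES" -D "$chain" "$@" || break
        deleted=$((deleted + 1))
    done
    echo "$deleted"
}

# reset_firewall: open the default policies, then flush every table and
# remove user-defined chains. Stops immediately if a policy change fails,
# because flushing with a DROP policy still in place locks remote users out.
reset_firewall() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPTABLES" -P "$chain" ACCEPT || return 1
    done
    "$IPTABLES" -t mangle -F &&
    "$IPTABLES" -t nat -F &&
    "$IPTABLES" -F &&
    "$IPTABLES" -X
}

# Usage as root (hypothetical script name):
#   sh iptables-helpers.sh delete INPUT -p tcp --dport 8080 -j ACCEPT
#   sh iptables-helpers.sh reset
case "${1:-}" in
    delete) shift; delete_rule "$@" ;;
    reset)  reset_firewall && "$IPTABLES" -L --line-numbers ;;
esac
```

With no arguments the script only defines the functions, so it can be sourced from another script. The reset path ends with the same verification listing the article uses, so you can confirm every chain is empty and its policy reads ACCEPT.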

If a rule has become outdated or irrelevant, you can remove it with iptables. This fine-tuning ensures your Linux firewall remains effective while allowing legitimate traffic to flow smoothly.

Iptables Options

Common iptables options are shown in the table below:

Option   Long form        Description
-A       --append         Append a rule to a chain.
-C       --check          Check whether a matching rule exists in a chain.
-D       --delete         Remove a rule from a chain.
-F       --flush          Remove all rules from a chain (or from every chain if no chain is given).
-L       --list           Show all rules in a chain.
-I       --insert         Add a rule to a chain at the provided position.
-N       --new-chain      Create a new chain.
-v       --verbose        Show more detailed output.
-X       --delete-chain   Delete a chain.

How to check who is trying to get into the firewall?

To see who’s knocking at your network gates (incoming traffic), what is leaving (outgoing traffic), or what is just passing through (forwarded traffic), use the sudo iptables -S command.

This will display the logbook, revealing details like the “chain” (waiting area), “target” (allowed in or sent away), and even the “source” (who’s knocking).

How to delete an iptables rule?

With the rule number from the iptables -L --line-numbers list in hand, use sudo iptables -D <chain> <rule_number> to banish it.

Remember, deleting rules can affect your firewall, so be sure you understand what the rule does before giving it the boot!

Can I flush iptables rules?

It’s generally not recommended.

A complete firewall purge (flushing all rules) is like leaving your castle gates wide open!

To do so, use sudo iptables -F <chain>.

Replace <chain> with the name of the chain you want to clear. But remember, exercise extreme caution!

How to check rule statistics?

Unfortunately, iptables doesn’t keep a guest counter.

Some advanced tools can provide statistics on rule usage. However, for most users, understanding the rule format and using the iptables -S list is sufficient for managing your digital castle’s traffic flow.

Conclusion

Listing all the existing rules with iptables helps to understand what traffic is currently permitted and what’s getting blocked.

Keep in mind that deleting rules can affect your firewall configuration.

Ensure you understand the rule before removing it to avoid blocking legitimate traffic.

By effectively listing and deleting iptables rules, you can maintain a strong defense against security threats while keeping your system connected to the world.
