Iptables is the tool commonly used to set up, inspect, and maintain the tables of IP packet filter rules in the Linux kernel, hence its name. In this guide we'll show how to drop or delete iptables rules.
DROP or Delete Iptables Rules
Before we show you how to drop or delete iptables rules, we need to know which iptables rule we'd like to drop or delete. If you already know the exact rule, feel free to skip this step and move on to the next one.
Listing iptables rules
In order to list iptables rules, we use the iptables command along with the -S flag:
sudo iptables -S
Output
root@linuxify ~ # sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A INPUT -p tcp --dport 22 -j DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
In our case we have quite a few iptables rules (the DOCKER chains are added by Docker), but the list will vary from device to device.
DROP or Delete Iptables Rules
Now that we have the list of the iptables rules on our system, we can easily drop or delete any of them with the iptables command along with the flag -D, short for --delete, followed by the chain and the rule specification exactly as it was listed:
sudo iptables -D <chain> <rule specification>
Example (the listed rule was "-A INPUT -p tcp --dport 22 -j DROP"; replace -A with -D and keep the rest unchanged):
sudo iptables -D INPUT -p tcp --dport 22 -j DROP
And that’s it! You have successfully dropped (deleted) an iptables rule!
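The following shell snippet is an added example and not part of the original guide. It turns the "-A CHAIN ..." lines from "sudo iptables -S" into matching delete commands, guards each delete with "iptables -C" (--check, which only succeeds when a rule with exactly that specification exists), and prints the save step, because -D only changes the running rule set. The sample rule list is constructed from the output shown above, and the /etc/iptables/rules.v4 save path is an assumption (it is the path used by iptables-persistent on Debian-based systems; adjust it for your distribution).

```shell
#!/bin/sh
# Added example (not from the original guide): build delete commands from
# the output of "iptables -S", check each rule exists first, and persist.

# Constructed sample of "sudo iptables -S" output, modelled on the guide.
SAMPLE_RULES='-P INPUT ACCEPT
-N DOCKER
-A INPUT -p tcp --dport 22 -j DROP
-A FORWARD -o docker0 -j DOCKER'

# rule_to_delete: rewrite one "-A CHAIN ..." line as the matching
# "-D CHAIN ..." spec. Policy (-P) and chain-creation (-N) lines are
# not rules, so they produce no output.
rule_to_delete() {
    printf '%s\n' "$1" | sed -n 's/^-A /-D /p'
}

# delete_commands: print one guarded delete per appended rule. The -C
# (--check) call fails when the spec does not match exactly, so nothing is
# deleted if the rule is already gone or was typed differently. Note that
# -D removes only the first exact match; rerun it if a rule was added twice.
delete_commands() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        spec=$(rule_to_delete "$line")
        [ -n "$spec" ] || continue
        printf 'sudo iptables -C %s && sudo iptables -D %s\n' \
            "${spec#-D }" "${spec#-D }"
    done
}

# save_command: deletions only affect the running rule set; the path below
# is an assumed iptables-persistent location, adjust it for your distro.
save_command() {
    printf 'sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null\n'
}

# Dry run: print the commands instead of executing them.
delete_commands "$SAMPLE_RULES"
save_command
```

An alternative that avoids retyping long rule specifications is to list a chain with line numbers, "sudo iptables -L INPUT --line-numbers", and delete by position, "sudo iptables -D INPUT 1"; list again afterwards, since the remaining rules renumber after each deletion.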
Summary
This guide helped you to easily drop or delete iptables rules with the use of the iptables command with the -D flag.