The other way to delete iptables rules is by its chain and line number. To determine a rule’s line number, list the rules in the table format and add the --line-numbers
option:
- sudo iptables -L –line-numbers
[secondary_output Example Output: Rules with Line Numbers]
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 ACCEPT all -- anywhere anywhere
3 DROP all -- anywhere anywhere ctstate INVALID
4 UDP udp -- anywhere anywhere ctstate NEW
5 TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
6 ICMP icmp -- anywhere anywhere ctstate NEW
7 REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
8 REJECT tcp -- anywhere anywhere reject-with tcp-reset
9 REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
10 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,ESTABLISHED
...
This adds the line number to each rule row, indicated by the num header.
Once you know which rule you want to delete, note the chain and line number of the rule. Then run the iptables -D
command followed by the chain and rule number.
For example, if we want to delete the input rule that drops invalid packets, we can see that it’s rule 3
of the INPUT
chain. So we should run this command:
- sudo iptables -D INPUT 3
Now that you know how to delete individual firewall rules, let’s go over how you can flush chains of rules.