Iptables is an essential and powerful tool for securing Linux-based servers. It is a command-line tool for configuring packet filtering on Linux. If you are a system administrator responsible for securing and managing firewalls, you will often need to list and remove unwanted rules from Iptables.
In this tutorial, we'll show you how to list and delete Iptables rules in CentOS 7.
Requirements
- A server running on CentOS 7.
- A root password configured on your server.
List All Iptables Rules
To list all Iptables rules by specification, run the following command:
# iptables -S
You should get the following output:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
To list only the rules of a specific chain, such as the "INPUT" chain, run the following command:
# iptables -S INPUT
You should see the following output:
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
You can also list Iptables rules in a table view. It is very useful when you want to compare different rules against each other.
# iptables -L
You should see the following output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
You can also filter the output to a specific chain with the following command:
# iptables -L INPUT
This will list all rules in the "INPUT" chain:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
You can use the "-v" option to list all rules with detailed information, including the number of packets each rule has matched and their aggregate size in bytes:
# iptables -L INPUT -v
You should see the following output:
Chain INPUT (policy ACCEPT 25 packets, 1096 bytes)
pkts bytes target prot opt in out source destination
148 11064 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
1 40 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
Delete Iptables Rules
There are several ways you can delete the Iptables rules.
If you want to delete rules by chain and line number, you'll need to find the rule's line number first. You can list all rules by line number with the following command:
# iptables -L INPUT --line-numbers
You should get the following output:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
2 ACCEPT tcp -- anywhere anywhere tcp dpt:http
3 ACCEPT tcp -- anywhere anywhere tcp dpt:https
Next, you can delete rule "2" of the "INPUT" chain using the following command:
# iptables -D INPUT 2
You can also delete Iptables rules by specification. For example, to delete a rule that drops SSH packets, run the following command:
# iptables -D INPUT -p tcp --dport 22 -j DROP
You can also remove all rules from a specific chain at once. For example, to delete all rules in the "OUTPUT" chain, use the following command:
# iptables -F OUTPUT
If you want to flush all chains of the default "filter" table and delete all their rules, run the following command:
# iptables -F
To flush all rules from the "nat" and "mangle" tables, run the following commands:
# iptables -F -t nat -v
# iptables -t mangle -F
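As an added example, not from the original tutorial, here is a small POSIX shell helper set that applies the commands above defensively: it reads the output of "iptables -S CHAIN" as text (a constructed copy of the tutorial's INPUT listing is embedded so it runs without root) to find a rule's line number and count duplicate copies, refuses to flush a chain whose policy is DROP, and wraps "-D" with a "-C" existence check. The function and variable names are my own.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: helpers over `iptables -S CHAIN` text.

# Constructed sample listing, copied from the tutorial's INPUT chain output.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# chain_policy LISTING CHAIN: print the chain's default policy (ACCEPT or DROP).
chain_policy() {
    printf '%s\n' "$1" | awk -v c="$2" '$1 == "-P" && $2 == c { print $3 }'
}

# rule_number LISTING CHAIN SPEC: print the 1-based position of the first -A rule
# whose specification equals SPEC (the N that `iptables -D CHAIN N` expects).
# SPEC must be written in the normalized form -S prints (e.g. with "-m tcp").
rule_number() {
    printf '%s\n' "$1" | awk -v c="$2" -v spec="$3" '
        $1 == "-A" && $2 == c {
            n++; r = $0; sub("^-A " c " ", "", r)
            if (r == spec) { print n; exit }
        }'
}

# rule_count LISTING CHAIN SPEC: number of identical copies of a rule. One
# `iptables -D CHAIN <spec>` removes only the first copy, so duplicates survive.
rule_count() {
    printf '%s\n' "$1" | awk -v c="$2" -v spec="$3" '
        $1 == "-A" && $2 == c { r = $0; sub("^-A " c " ", "", r); if (r == spec) n++ }
        END { print n + 0 }'
}

# flush_is_safe LISTING CHAIN: succeed only if the chain's policy is ACCEPT.
# Flushing a chain whose policy is DROP leaves nothing that permits traffic,
# which on INPUT cuts off remote SSH access.
flush_is_safe() {
    [ "$(chain_policy "$1" "$2")" = "ACCEPT" ]
}

# delete_rule_by_spec CHAIN SPEC...: remove every identical copy of a rule,
# checking with -C first so a mistyped spec fails cleanly. Needs root; defined
# here but not invoked. Usage: delete_rule_by_spec INPUT -p tcp --dport 22 -j DROP
delete_rule_by_spec() {
    chain=$1; shift
    while iptables -C "$chain" "$@" 2>/dev/null; do
        iptables -D "$chain" "$@" || return 1
    done
}
```

Remember that line numbers shift after each deletion by number, so re-run the listing (or use rule_number on fresh -S output) before deleting the next rule.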
Conclusion
In the above tutorial, you've learned how to list and delete Iptables rules in CentOS 7. We hope this will help you to delete unwanted Iptables rules from your system.