How To List and Delete Iptables Firewall Rules Linux

How To List and Delete Iptables Firewall Rules Linux. In this guide, we introduce Iptables and its working principle, then show you how to list and delete Iptables rules in Linux.

What are IPtables in Linux?

Primarily, Iptables is a firewall system that works within the Linux kernel, using the Netfilter framework to filter network packets. It is an open source firewall used to protect networked computers from malicious activity.

Moreover, it is a packet filtering system that uses a set of rules to determine which traffic should be allowed and which should be blocked. Basically, the Iptables firewall works by examining each packet that passes through the Linux network stack and deciding whether to accept or drop it, based on the rules configured by the user.

Iptables allows users to configure the firewall through either a command line interface or a graphical front end. It is a Linux based utility used to filter network traffic: it matches packets against a set of rules and then allows or blocks them accordingly. The firewall is also used to forward packets from one interface to another, or from one network to another, using NAT (Network Address Translation).

How IPtables Firewall Works?

Iptables is a Linux based utility that allows users to configure and manage a set of rules to filter incoming and outgoing network traffic. It works by inspecting each packet that passes through the network, comparing it against the rules set up by the user, and then either allowing or denying it. With iptables, users create a secure environment for their networks and protect their data from malicious threats. A packet is matched against a rule based on its protocol, source or destination address, port, the interface it arrives on or leaves through, its relationship to earlier packets (connection state), and more.

When a packet matches a rule, the action that follows is referred to as a target. Accepting or dropping the packet as a final policy decision is one example of a target. The match may also be logged, or the packet may be sent to another chain for further processing.

Another essential component of the iptables architecture is chains. A chain is an ordered set of rules that a packet is tested against in sequence. When the packet matches one of the rules, the rule's action is taken and the remaining rules in the chain are skipped. If no rule matches, the chain's default policy decides whether the packet is dropped or accepted.

Advantages of iptables Firewall

Firewalls are an important part of any computer network and iptables is one of the most popular firewall tools in use today. Some of the advantages of using an Iptables firewall are:

  • Used to protect hosts from malicious traffic, rate limit certain types of traffic, and block unwanted incoming connections before they reach their destination.
  • Can be used on both Linux and Windows systems, providing an effective way to secure your network.
  • The syntax used for creating iptables rules is relatively easy to learn; however, root (or sudo) privileges are required to issue the commands.
  • Another advantage of iptables is that you can create rules to allow or deny specific types of traffic entering or leaving your network, as well as control which ports are open or closed. This makes it possible to protect your system from malicious attacks and keep your data safe.
  • You can customize the Iptables firewall to fit your specific security needs, which provides better protection against malicious attacks.
  • Iptables is a Linux firewall that uses packet inspection to filter incoming and outgoing network traffic based on user defined rules.

We have reached the main section of our article How To List and Delete Iptables Firewall Rules Linux.

How To List and Delete Iptables Firewall Rules Linux

In this section, we show you how to list and delete Iptables firewall rules in Linux.

Requirements

  • A root user or a user with sudo privileges.

List Iptables Rules by Specification

There are several ways to list your active firewall rules in Linux. To list Iptables rules by specification, use the -S option as shown below:

    iptables -S

This will show you all Iptables rules by specification:

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A FORWARD -j ACCEPT
    -A OUTPUT -j ACCEPT

List Iptables Rules by Table

You can also list Iptables rules in table format, which makes it easier to compare rules against each other. Run the iptables command with the -L option to list all rules as a table.

    iptables -L

You will get a list of all active firewall rules, grouped by chain.

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

If you only want to list the rules of a specific chain, such as INPUT, OUTPUT, or FORWARD, run the iptables -L command followed by the chain name.

    iptables -L INPUT

You should see all active rules of the INPUT chain in the following output.

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

List Iptables Rules with Packet Counts and Aggregate Size

Iptables also allows you to list all rules together with the number of packets and the aggregate size of those packets in bytes that each rule has matched. Use the -v option with the INPUT chain.

    iptables -L INPUT -v

You should see two additional columns, pkts and bytes, in the following output.

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    2 80 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
    607 70686 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh

You can also use the -Z option to reset (zero) the packet and byte counters for your rules. Run the following command to reset the counters for all rules.

    iptables -Z

To reset the packet and byte counters only for the INPUT chain, run the following command.

    iptables -Z INPUT

Delete Iptables Rules by Specification

To delete Iptables rules by specification, you first need to list your active firewall rules. List them with the following command.

    iptables -S

You should see the following output.

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A FORWARD -j ACCEPT
    -A OUTPUT -j ACCEPT

To delete the last rule, "-A OUTPUT -j ACCEPT", from the above output, use the -D option followed by the rule specification exactly as listed (with -A replaced by -D), as shown below. Note that -D removes only the first rule that matches the specification; if the same rule was added more than once, repeat the command for each copy.

    iptables -D OUTPUT -j ACCEPT

Delete the Iptables Rules by Chain Number

You can also delete Iptables rules by their rule (line) number within a chain. To see the line numbers of all active rules, run the following command.

    iptables -L --line-numbers

You should see the following output.

    Chain INPUT (policy ACCEPT)
    num target prot opt source destination
    1 ACCEPT tcp -- anywhere anywhere tcp dpt:http
    2 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

    Chain FORWARD (policy ACCEPT)
    num target prot opt source destination
    1 ACCEPT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    num target prot opt source destination
    1 ACCEPT all -- anywhere anywhere

Now, use the following syntax to delete an Iptables rule by chain and rule number.

    iptables -D [CHAIN] [LINE_NUMBER]

For example, to delete the second rule of the INPUT chain, run the following command.

    iptables -D INPUT 2

Keep in mind that the remaining rules are renumbered after a deletion, so when removing several rules by number, re-list the chain before each deletion or delete from the highest number down.
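As an added example (not part of the original article), the following POSIX shell script combines the two deletion methods above in a safe, dry-run form: it reads `iptables -S` output, numbers the rules of one chain the way `--line-numbers` does, selects the rules whose specification matches a pattern, and prints the `iptables -D CHAIN N` commands in descending order so that renumbering cannot remove the wrong rule. It works on a constructed rule listing, needs no root, and the function names and the use of `awk` and `sort` are my assumptions rather than anything from the page.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output (not captured from a real host).
# Port 22 is opened twice on purpose, to show that a single `iptables -D`
# by specification would only remove the first copy.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT'

# plan_delete CHAIN PATTERN   (reads `iptables -S` style lines on stdin)
# Counts the "-A CHAIN" lines in order, which gives the same numbers that
# `iptables -L CHAIN --line-numbers` shows (first appended rule is 1).
# Rules whose line matches PATTERN (an extended regex) are selected, and one
# "iptables -D CHAIN N" command is printed per match, highest N first, so
# executing the plan top to bottom never hits a renumbered rule.
plan_delete() {
    chain=$1
    pattern=$2
    awk -v chain="$chain" -v pat="$pattern" '
        $1 == "-A" && $2 == chain {
            n++
            if ($0 ~ pat) print n
        }' | sort -rn | while read -r num; do
            printf 'iptables -D %s %s\n' "$chain" "$num"
        done
}

# plan_delete_str CHAIN PATTERN RULES : same, with the listing passed as an
# argument instead of stdin (handy for tests; on a live host you would use
#   iptables -S | plan_delete INPUT '--dport 22( |$)'  ).
plan_delete_str() {
    printf '%s\n' "$3" | plan_delete "$1" "$2"
}

# Example: plan the removal of every INPUT rule that opens port 22.
# The "( |$)" guard stops "--dport 22" from also matching "--dport 2222".
plan_delete_str INPUT '--dport 22( |$)' "$SAMPLE_RULES"
```

The script only prints the commands; review the plan and run it with root privileges once you are satisfied it names the rules you intend.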

Delete Iptables Chain

Iptables also allows you to flush (delete all rules in) a specific chain or all chains. To flush a specific chain, use the -F option followed by the chain name.

    iptables -F OUTPUT

This deletes all of the rules in the OUTPUT chain. To flush the INPUT chain, run the following command.

    iptables -F INPUT

To flush, or delete, all of the rules in all chains of the default filter table, run the following command. Flushing removes the rules but leaves each chain's default policy in place, so if the INPUT policy is DROP, a flush blocks all incoming traffic, including your SSH session; check the policy lines in iptables -S before flushing a remote host.

    iptables -F

To flush all rules in the nat and mangle tables, run the following commands.

    iptables -t mangle -F
    iptables -t nat -F

To delete all non-default (user-defined) chains, run the following command. A chain can only be deleted once it is empty and no rule references it, so flush the chains first.

    iptables -X

Thank you for reading How To List and Delete Iptables Firewall Rules Linux. We will now conclude this article.

How To List and Delete Iptables Firewall Rules Linux Conclusion

In this post, we have explained how to list and delete Iptables firewall rules via several hands-on examples. I hope you now have enough understanding to list and delete Iptables firewall rules. Finally, Iptables is a packet filtering firewall that works at the network layer of the protocol stack. It inspects individual packets and looks for patterns in order to decide whether to allow or block them, based on the firewall rules set by the administrator. Iptables filters both TCP and UDP protocol packets and larger packets such as those used in DHCP communication.

Feel free to explore more of our Ubuntu content by navigating to that section of our blog.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
