How to delete a Netfilter rule with iptables

Last updated: Sep 10, 2020

Here's a method to easily delete a rule under the Netfilter firewall with the iptables command.

Intro

Configuration

OS : Arch Linux 3.19.2
iptables : v1.4.21

Commands

List current rules

First we list our current rules :

root@host:~# iptables --line-numbers -L -n -v -t filter

--line-numbers : give a number for each rules
-L : list rules
-n : disable DNS resolution
-v : verbose
-t filter precise the Netfilter table

root@host:~# iptables --line-numbers -L -n
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          state NEW udp dpt:5353
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Delete

Here we delete the rule n°6 of the INPUT chain :

root@host:~# iptables -t filter -D INPUT 6

-D : delete

We can also delete the same rule using this command :

root@host:~# iptables -D INPUT -m tcp -p tcp --dport 22 -j ACCEPT

Computing

Music

Misc