I would like to delete my iptables based firewall rules under Linux. How do I delete rules individually or all at once under CentOS or Fedora Linux or RHEL based servers?
You can use the following commands to delete firewall rules under RHEL / Fedora / CentOS / Scientific / Red Hat Enterprise Linux:
Linux IPv4 Firewall Commands
- /sbin/iptables - Manage IPv4 based firewall i.e. add / delete / modify firewall rules.
- /sbin/chkconfig iptables on - Enable the IPv4 firewall service at boot.
- /sbin/chkconfig iptables off - Disable the IPv4 firewall service at boot.
- /sbin/service iptables start - Start the IPv4 based firewall and load the rules stored in the /etc/sysconfig/iptables file.
- /sbin/service iptables stop - Stop the IPv4 firewall: flush all rules and reset the chain policies to ACCEPT.
- /sbin/service iptables restart - Restart the IPv4 firewall (stop, then reload /etc/sysconfig/iptables).
- /sbin/service iptables save - Save the running IPv4 ruleset to the /etc/sysconfig/iptables file.
- /sbin/service iptables status - Show the currently loaded IPv4 rules.
Linux IPv6 Firewall Commands
- /sbin/ip6tables - Manage IPv6 based firewall i.e. add / delete / modify firewall rules.
- /sbin/chkconfig ip6tables on - Enable the IPv6 firewall service at boot.
- /sbin/chkconfig ip6tables off - Disable the IPv6 firewall service at boot.
- /sbin/service ip6tables start - Start the IPv6 based firewall and load the rules stored in the /etc/sysconfig/ip6tables file.
- /sbin/service ip6tables stop - Stop the IPv6 firewall: flush all rules and reset the chain policies to ACCEPT.
- /sbin/service ip6tables restart - Restart the IPv6 firewall (stop, then reload /etc/sysconfig/ip6tables).
- /sbin/service ip6tables save - Save the running IPv6 ruleset to the /etc/sysconfig/ip6tables file.
- /sbin/service ip6tables status - Show the currently loaded IPv6 rules.
Examples
You must type the following commands as the root user:
Delete all firewall rules at once
First, save existing firewall (optional):
# /sbin/service iptables save
Next, stop the firewall. This flushes every rule and resets the chain policies to ACCEPT, so the host accepts all traffic until the firewall is started again:
# /sbin/service iptables stop
Verify that no rules are loaded:
# /sbin/service iptables status
OR
# /sbin/iptables -L -v -n
Start the firewall again (this reloads the rules saved in /etc/sysconfig/iptables) and confirm they are back:
# /sbin/service iptables start
# /sbin/iptables -L -v -n
Delete firewall rules individually (i.e. one rule at a time)
First, list the rules along with line numbers:
# /sbin/iptables -L -v -n --line-numbers
Sample outputs:
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      207 15336 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 reject-with icmp-host-prohibited
3        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 reject-with icmp-host-prohibited
4        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5 reject-with icmp-host-prohibited
5        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 9 reject-with icmp-host-prohibited
6        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 10 reject-with icmp-host-prohibited
7        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 reject-with icmp-host-prohibited
8        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 reject-with icmp-host-prohibited
9        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
10       0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
11       0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
12       0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
13       0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
14       2    96 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 reject-with icmp-host-prohibited
3        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 reject-with icmp-host-prohibited
4        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5 reject-with icmp-host-prohibited
5        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 9 reject-with icmp-host-prohibited
6        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 10 reject-with icmp-host-prohibited
7        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 reject-with icmp-host-prohibited
8        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 reject-with icmp-host-prohibited
9        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
To delete rule number 6 on the INPUT chain, enter:
# /sbin/iptables -D INPUT 6
Rule numbers are positions, not identifiers: after this deletion the old rule 7 becomes rule 6, so list the chain again before deleting another rule by number. Deleting from the highest number downwards avoids the problem when removing several rules.
You can list a single chain (INPUT, OUTPUT, FORWARD or a custom chain) instead of the whole table as follows:
# /sbin/iptables -L INPUT -v -n --line-numbers
OR
# /sbin/iptables -L OUTPUT -v -n --line-numbers
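The following is an added example, not code from the original article: a POSIX sh script that finds the rule number(s) whose text contains a given substring in the output of iptables -L <chain> -v -n --line-numbers, and emits the matching iptables -D commands highest number first, so that deleting one rule does not shift the numbers of the ones still to be deleted. The CHAIN_LISTING variable holds a constructed sample in the same format as the listing above; the rule_numbers and delete_commands function names are this example's own. On a real host you would feed it the live listing instead of the sample.

```shell
#!/bin/sh
# Added example (not from the original article). Parses the output format of
#   iptables -L <chain> -v -n --line-numbers
# and maps a rule's text to its current line number in a chain.

# Constructed sample listing, in the same layout as real iptables -L output.
# Replace with: CHAIN_LISTING=$(/sbin/iptables -L -v -n --line-numbers)
CHAIN_LISTING='Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      207 15336 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 reject-with icmp-host-prohibited
3        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
5        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
7        2    96 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 reject-with icmp-host-prohibited
'

# rule_numbers CHAIN PATTERN
# Print, one per line and in listing order, the numbers of the rules in CHAIN
# whose listing line contains the literal substring PATTERN.
# The "Chain X (...)" header switches the awk state to the wanted chain; only
# lines whose first field is a number are rule lines (the "num pkts ..." column
# header and blank separator lines are skipped).
rule_numbers() {
    printf '%s\n' "$CHAIN_LISTING" | awk -v chain="$1" -v pat="$2" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $1 ~ /^[0-9]+$/ && index($0, pat) { print $1 }
    '
}

# delete_commands CHAIN PATTERN
# Emit one "/sbin/iptables -D CHAIN N" line per matching rule, highest N first.
# Deleting rule N renumbers every rule after it, so deleting from the bottom
# keeps the remaining numbers valid; the output can be reviewed and then
# piped into sh.
delete_commands() {
    rule_numbers "$1" "$2" | sort -rn | while read -r n; do
        printf '/sbin/iptables -D %s %s\n' "$1" "$n"
    done
}

# Example run against the sample: which INPUT rule allows HTTP, and the
# commands that would remove both icmp-host-prohibited REJECT rules.
rule_numbers INPUT 'dpt:80'
delete_commands INPUT 'icmp-host-prohibited'
```

Match on a distinctive substring and read what rule_numbers prints before piping delete_commands into sh: 'dpt:80' also matches a rule for dpt:8080. When you know a rule's full specification, iptables -D INPUT -p tcp --dport 80 -j ACCEPT (the same arguments used to add it) removes it without line numbers at all.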
A note about other Linux distributions
On distributions that do not ship the RHEL style iptables service script, use the following script to back up the running ruleset and then remove all rules. The policies are opened before the flush: flushing while INPUT still has a DROP policy would cut off an SSH session the moment the RELATED,ESTABLISHED rule disappears. The saved file can be loaded again later with iptables-restore.
#!/bin/sh
# Back up the running ruleset so it can be restored with iptables-restore
echo "Saving current firewall rules at /root/current.firewall file..."
iptables-save > /root/current.firewall
echo "Stopping firewall and allowing everyone..."
# Open the default policies first so the flush below cannot lock us out
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X