Iptables: Unblock / Delete an IP Address Listed in IPtables Tables

by on January 23, 2009 · 3 comments· LAST UPDATED February 15, 2011

in , ,

I am a brand new user of a Linux iptables and I can't find how to instruct my iptables to delete or unblock an IP address listed in iptables firewall. I'm using Debian Linux version. Can you help please?

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. You can delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or a rule to match.

List existing chains

Type the following command to list current IPs in tables:
iptables -L -n
iptables -L -n -v
iptables -L chain-name -n -v
iptables -L spamips -n -v

List existing chains with line number

To display line number along with other information, enter:
iptables -L INPUT -n --line-numbers
iptables -L OUTPUT -n --line-numbers
iptables -L OUTPUT -n --line-numbers | less
iptables -L spamips -n -v --line-numbers
iptables -L spamips -n -v --line-numbers | grep 202.54.1.2

Chain droplist (3 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        0    --  *      *       116.199.128.0/19     0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
2        0     0 DROP       0    --  *      *       116.199.128.0/19     0.0.0.0/0
3        0     0 LOG        0    --  *      *       116.50.8.0/21        0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
4        0     0 DROP       0    --  *      *       116.50.8.0/21        0.0.0.0/0
5        0     0 LOG        0    --  *      *       128.199.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
6        0     0 DROP       0    --  *      *       128.199.0.0/16       0.0.0.0/0
7        0     0 LOG        0    --  *      *       132.232.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
8        0     0 DROP       0    --  *      *       132.232.0.0/16       0.0.0.0/0
9      342 23317 LOG        0    --  *      *       134.175.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
10     342 23317 DROP       0    --  *      *       134.175.0.0/16       0.0.0.0/0
11       0     0 LOG        0    --  *      *       134.33.0.0/16        0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DR

You will get the list of all blocked IP. Look at the number on the left, then use number to delete it. For example delete line number 10 (subner 134.175.0.0/16), enter:
iptables -D INPUT 10
You can also use the following syntax to delete / unblock an IP use the following syntax:
iptables -D INPUT -s xx.xxx.xx.xx -j DROP
iptables -D INPUT -s xx.xxx.xx.xx/yy -j DROP
iptables -D spamlist -s 202.54.1.2 -d 0/0 -j DROP
iptables -D spamlist -s 202.54.1.2/29 -d 0/0 -j DROP

Finally, make sure you save the firewall. Under CentOS / Fedora / RHEL / Redhat Linux type the following command:
# service iptables save
On a related note I recommend getting a good Linux command line and netfilter Firewall (iptables) book to understand all technical mumbo jumbo.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 3 comments… read them below or add one }

1 Ghazi Sarhan January 24, 2009 at 8:28 pm

I didn’t know about the `–line-numbers` parameter, I used to count the lines manually :-|
Thanks :)

Reply

2 Rob July 23, 2009 at 10:05 pm

Thanks for the tips. I had to change it a little bit for my router. I did ‘iptables -L -n –line-numbers’ then looked at the top above the numbers and it said ‘Chain FORWARD’ (this can vary). So then I did ‘iptables -D FORWARD 1′.

Reply

3 liza April 11, 2012 at 3:15 am

whenever i ping http://www.aims.ph it looks like this…PLEASE HELP

i cannot view my domain name.. .but icant view using ip address 192.168.2.0 and 159 ms
64 bytes from hit-servfail.opendns.com (67.215.66.132): icmp_seq=21 ttl=57 time=158 ms
64 bytes from hit-servfail.opendns.com (67.215.66.132): icmp_seq=22 ttl=57 time=158 ms
64 bytes from hit-servfail.opendns.com (67.215.66.132): icmp_seq=23 ttl=57 time=159 ms
find this error

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: