Iptables: Unblock / Delete an IP Address Listed in IPtables Tables

by Vivek Gite · 2 comments

Q. I am a brand new user of Linux iptables and I can't find how to instruct iptables to delete or unblock an IP address listed in the iptables firewall. I'm using a Debian Linux version. Can you help please?

A. Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. To unblock an address you delete the rule that blocks it from the chain it lives in. The delete command (-D) accepts the rule in one of two forms: as its position number in the chain (starting at 1 for the first rule), or as a rule specification to match, given exactly as the rule was added. Two things to keep in mind: rule numbers are per chain, so you must name the chain that actually holds the rule (often a user-defined chain rather than INPUT), and deleting a rule renumbers every rule below it, so when removing several rules delete the highest number first or re-list the chain between deletions. The change only affects the running ruleset; if your rules are restored at boot, save the new set afterwards (for example with iptables-save) or the block will come back.

List existing chains

Type the following commands to list the current rules; -n prints addresses and ports numerically (no DNS lookups), -v adds packet and byte counters plus the in/out interfaces, and naming a chain lists only that chain:
iptables -L -n
iptables -L -n -v
iptables -L chain-name -n -v
iptables -L spamips -n -v

List existing chains with line numbers

To display each rule's number in the chain along with the other information, enter:
iptables -L INPUT -n --line-numbers
iptables -L OUTPUT -n --line-numbers
iptables -L OUTPUT -n --line-numbers | less
iptables -L spamips -n -v --line-numbers
iptables -L spamips -n -v --line-numbers | grep 202.54.1.2

Sample output, here for a user-defined chain named droplist (the chain name in the header is what you pass to -D, not INPUT):

Chain droplist (3 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        0    --  *      *       116.199.128.0/19     0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
2        0     0 DROP       0    --  *      *       116.199.128.0/19     0.0.0.0/0
3        0     0 LOG        0    --  *      *       116.50.8.0/21        0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
4        0     0 DROP       0    --  *      *       116.50.8.0/21        0.0.0.0/0
5        0     0 LOG        0    --  *      *       128.199.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
6        0     0 DROP       0    --  *      *       128.199.0.0/16       0.0.0.0/0
7        0     0 LOG        0    --  *      *       132.232.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
8        0     0 DROP       0    --  *      *       132.232.0.0/16       0.0.0.0/0
9      342 23317 LOG        0    --  *      *       134.175.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
10     342 23317 DROP       0    --  *      *       134.175.0.0/16       0.0.0.0/0
11       0     0 LOG        0    --  *      *       134.33.0.0/16        0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DR

You will get the list of all blocked IPs. Look at the number in the num column on the left, then use that number together with the chain name from the header above it to delete the rule. For example, to delete rule number 10 (the DROP for subnet 134.175.0.0/16) from the droplist chain shown above, enter:
iptables -D droplist 10
The LOG rule for the same subnet is rule number 9; delete it the same way (after rule 10, so its number has not shifted), or matching packets will still be logged even though they are no longer dropped.
You can also delete / unblock an IP by giving the rule specification instead of its number. The specification must match the rule exactly as it was added (same chain, source, destination and target), otherwise iptables reports that no matching rule exists; on iptables 1.4.11 and later you can pass the same specification to -C to check that the rule exists without changing anything:
iptables -D INPUT -s xx.xxx.xx.xx -j DROP
iptables -D INPUT -s xx.xxx.xx.xx/yy -j DROP
iptables -D spamlist -s 202.54.1.2 -d 0/0 -j DROP
iptables -D spamlist -s 202.54.1.2/29 -d 0/0 -j DROP
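The listing-then-delete procedure above is easy to get wrong by hand: the rule number belongs to the chain named in the header, not to INPUT, and each deletion renumbers the rules after it. The following script is an added example, not part of the original article, that turns the output of `iptables -L -n -v --line-numbers` into the exact `iptables -D <chain> <num>` commands for every rule whose source matches a given address or prefix, ordered so that running them top to bottom stays correct. The listing it parses is a constructed sample modelled on the article's output, not captured from a real host; the function names `sample_listing` and `delete_cmds` are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): generate the iptables -D
# commands that remove every rule matching a source address or prefix.
# Handles the two traps in the manual procedure: rule numbers are per chain
# (the chain header above the rule is used, not INPUT), and deleting a rule
# renumbers the ones below it, so commands are emitted highest number first
# within each chain.

# Constructed sample listing modelled on the article's output; not captured
# from a real host. Each blocked prefix has a LOG rule followed by a DROP rule.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 droplist   all  --  *      *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain droplist (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       116.199.128.0/19     0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
2        0     0 DROP       all  --  *      *       116.199.128.0/19     0.0.0.0/0
3      342 23317 LOG        all  --  *      *       134.175.0.0/16       0.0.0.0/0           LOG flags 0 level 4 prefix `LASSO DROP Block'
4      342 23317 DROP       all  --  *      *       134.175.0.0/16       0.0.0.0/0
5        0     0 DROP       all  --  *      *       202.54.1.2           0.0.0.0/0
EOF
}

# delete_cmds SOURCE
# Reads a --line-numbers listing on stdin and prints one
# "iptables -D <chain> <num>" line per rule whose source column equals SOURCE,
# written the way iptables prints it (bare address for a /32, otherwise
# address/prefixlen). The "num ..." header of each chain is parsed to find the
# "source" column, so listings with and without -v both work. Within a chain
# the highest rule number is printed first so earlier deletions do not shift
# the numbers still to be deleted.
delete_cmds() {
    awk -v want="$1" '
        /^Chain / { chain = $2; next }
        $1 == "num" { for (i = 1; i <= NF; i++) if ($i == "source") src = i; next }
        NF == 0 || src == 0 { next }
        $src == want { print chain, $1 }
    ' | sort -k1,1 -k2,2nr | awk '{ printf "iptables -D %s %s\n", $1, $2 }'
}

# Print rather than execute: review the commands, then pipe them into sh as
# root. On a live host replace sample_listing with:
#   iptables -L -n -v --line-numbers | delete_cmds 134.175.0.0/16
# and persist the result with iptables-save afterwards.
sample_listing | delete_cmds 134.175.0.0/16
```

Because both the LOG and the DROP rule for 134.175.0.0/16 match, the script prints rule 4 before rule 3, which is the order in which they must be deleted; a source that appears in no rule yields no output, so nothing is run by mistake.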

On a related note, I recommend getting a good Linux command line and netfilter firewall (iptables) book to understand all the technical mumbo jumbo.


2 comments

1 Ghazi Sarhan 01.24.09 at 8:28 pm

I didn't know about the `--line-numbers` parameter, I used to count the lines manually :-|
Thanks :)

2 Rob 07.23.09 at 10:05 pm

Thanks for the tips. I had to change it a little bit for my router. I did 'iptables -L -n --line-numbers' then looked at the top above the numbers and it said 'Chain FORWARD' (this can vary). So then I did 'iptables -D FORWARD 1'.
