Linux Deleting Firewall Rules

I would like to delete my iptables based firewall rules under Linux. How do I delete rules individually or all at once on CentOS, Fedora or RHEL based servers?

You can use the following commands to delete firewall rules under RHEL / Fedora / CentOS / Scientific / Red Hat Enterprise Linux:

Linux IPv4 Firewall Commands

  1. /sbin/iptables – Manage the IPv4 firewall, i.e. add / delete / modify firewall rules.
  2. /sbin/chkconfig iptables on – Turn on the IPv4 firewall on boot.
  3. /sbin/chkconfig iptables off – Turn off the IPv4 firewall on boot.
  4. /sbin/service iptables start – Start the IPv4 firewall and load the rules stored in the /etc/sysconfig/iptables file.
  5. /sbin/service iptables stop – Stop the IPv4 firewall and flush all rules.
  6. /sbin/service iptables restart – Restart the IPv4 firewall.
  7. /sbin/service iptables save – Save the current IPv4 rules to the /etc/sysconfig/iptables file.
  8. /sbin/service iptables status – See the status of the IPv4 firewall.

Linux IPv6 Firewall Commands

  1. /sbin/ip6tables – Manage the IPv6 firewall, i.e. add / delete / modify firewall rules.
  2. /sbin/chkconfig ip6tables on – Turn on the IPv6 firewall on boot.
  3. /sbin/chkconfig ip6tables off – Turn off the IPv6 firewall on boot.
  4. /sbin/service ip6tables start – Start the IPv6 firewall and load the rules stored in the /etc/sysconfig/ip6tables file.
  5. /sbin/service ip6tables stop – Stop the IPv6 firewall and flush all rules.
  6. /sbin/service ip6tables restart – Restart the IPv6 firewall.
  7. /sbin/service ip6tables save – Save the current IPv6 rules to the /etc/sysconfig/ip6tables file.
  8. /sbin/service ip6tables status – See the status of the IPv6 firewall.

Examples

You must type the following commands as the root user:

Delete all firewall rules at once

First, save the existing firewall rules (optional):
# /sbin/service iptables save
Next, stop the firewall (this flushes all rules and sets the default policies to ACCEPT):
# /sbin/service iptables stop
See the current status of the firewall:
# /sbin/service iptables status
OR
# /sbin/iptables -L -v -n

To start the firewall at once

# /sbin/service iptables start
# /sbin/iptables -L -v -n

Delete firewall rules individually (i.e. a single rule at a time)

First, list the rules along with line numbers:
# /sbin/iptables -L -v -n --line-numbers
Sample outputs:

Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1      207 15336 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 reject-with icmp-host-prohibited 
3        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 reject-with icmp-host-prohibited 
4        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5 reject-with icmp-host-prohibited 
5        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 9 reject-with icmp-host-prohibited 
6        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 10 reject-with icmp-host-prohibited 
7        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 reject-with icmp-host-prohibited 
8        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 reject-with icmp-host-prohibited 
9        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
10       0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
11       0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
12       0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
13       0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
14       2    96 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
2        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 reject-with icmp-host-prohibited 
3        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 reject-with icmp-host-prohibited 
4        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 5 reject-with icmp-host-prohibited 
5        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 9 reject-with icmp-host-prohibited 
6        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 10 reject-with icmp-host-prohibited 
7        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4 reject-with icmp-host-prohibited 
8        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 reject-with icmp-host-prohibited 
9        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

To delete rule number 6 on the INPUT chain, enter:
# /sbin/iptables -D INPUT 6
You can also list the rules of a single chain only (INPUT, OUTPUT or a custom chain) as follows:
# /sbin/iptables -L INPUT -v -n --line-numbers
OR
# /sbin/iptables -L OUTPUT -v -n --line-numbers
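Rule numbers are positions, not identifiers: after `iptables -D INPUT 6` the old rule 7 becomes rule 6, so deleting several rules by number in ascending order removes the wrong ones. The script below is an added example, not from the original page. It parses a saved `iptables -L <chain> -v -n --line-numbers` listing (the sample is constructed from the INPUT chain output above), picks the rules whose line matches a regular expression, and prints the matching `iptables -D` commands highest number first so every number is still valid when it is executed. The function names, the pattern and the dry-run-then-apply design are this example's own assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): compute "iptables -D" commands from a
# line-numbered listing so that several rules can be removed by number safely.

# Constructed sample: the first lines of the INPUT chain listing shown above.
SAMPLE_LISTING='Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      207 15336 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 3 reject-with icmp-host-prohibited
3        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 12 reject-with icmp-host-prohibited
4        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 5 reject-with icmp-host-prohibited
5        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 9 reject-with icmp-host-prohibited
6        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 10 reject-with icmp-host-prohibited
7        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 4 reject-with icmp-host-prohibited
8        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 11 reject-with icmp-host-prohibited
9        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
10       0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0'

# chain_name LISTING -> the chain the listing describes, taken from its "Chain ..." header.
chain_name() {
    printf '%s\n' "$1" | awk '/^Chain / { print $2; exit }'
}

# rule_numbers_matching LISTING PATTERN -> numbers of the rules whose line matches the
# extended regular expression PATTERN, ascending. Header lines (no leading number) are skipped.
rule_numbers_matching() {
    printf '%s\n' "$1" | awk -v pat="$2" '$1 ~ /^[0-9]+$/ && $0 ~ pat { print $1 }'
}

# deletion_commands LISTING PATTERN -> one "iptables -D <chain> <num>" line per matching
# rule, highest number first: iptables renumbers the remaining rules after each deletion,
# so deleting from the bottom keeps every printed number valid.
deletion_commands() {
    chain=$(chain_name "$1")
    rule_numbers_matching "$1" "$2" | sort -rn | while read -r num; do
        printf 'iptables -D %s %s\n' "$chain" "$num"
    done
}

# delete_matching_rules CHAIN PATTERN -> read the running firewall (root required) and
# apply the commands. Review the output of deletion_commands on the live listing first.
delete_matching_rules() {
    deletion_commands "$(iptables -L "$1" -v -n --line-numbers)" "$2" | sh -x
}

# Dry run against the constructed sample: the REJECT rules for ICMP types 10, 11 and 12.
deletion_commands "$SAMPLE_LISTING" 'icmp type 1[0-2] '
```

The dry run prints `iptables -D INPUT 8`, `iptables -D INPUT 6` and `iptables -D INPUT 3` in that order. Re-list the chain after applying any deletion before working with rule numbers again.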

A note about other Linux distributions

On other Linux distributions, use the following commands or script to flush all rules and stop the firewall:

#!/bin/sh
# Back up the running rules so they can be restored later with iptables-restore.
echo "Saving current firewall rules at /root/current.firewall file..."
iptables-save > /root/current.firewall
echo "Stopping firewall and allowing everyone..."
# Flush every rule (-F) and delete every user-defined chain (-X) in the
# filter, nat and mangle tables.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Reset the default policies of the built-in chains to ACCEPT.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

2 comments
  • mett Mar 16, 2014 @ 2:39

    Hi,
    Does sby know if there is a way to delete many rules at once in a chain, using the rule number?
    iptables -t filter INPUT -D 156 155 123
    or without the -t filter part as filter is the default table.
    According to man it seems possible but I get an error each time I try it. One by One OK, many not.
    From man: "
    -D, --delete chain rulenum
    Delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for
    the first rule) or a rule to match."

    From my terminal: "
    iptables -t filter -D INPUT 159 155
    Bad argument `155' "

    TIA

  • Iptables Oct 12, 2016 @ 19:45
