Linux Iptables Delete postrouting Rule Command

I am a new Linux server sysadmin. I need to delete POSTROUTING rule. How do I delete postrouting rule on Linux server?

You need to use iptables and ip6tables command. These commands are used to set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel. Let us see how to use the iptables command to to delete postrouting rule on Linux system. You must be root user to run this command.

Step #1: List postrouting rules

The syntax is as follows:
iptables -t nat -v -L POSTROUTING -n --line-number
OR
# iptables -t nat -v -L -n --line-number
Sample outputs:

Fig.01: Linux iptables list nat rules command

Where,

-t nat : Select nat table.
-v : Verbose output.
-L : List all rules in the selected chain i.e show all rules in nat table.
-n : Numeric output. IP addresses and port numbers will be printed in numeric format
--line-number : When listing rules, add line numbers to the beginning of each rule, corresponding to that rule’s position in the chain. You need to use line numbers to delete nat rules.

Step #2: Delete postrouting nat rule (version 1)

The syntax is:
iptables -t nat -D POSTROUTING {number-here}
To delete rule # 5 i.e. the following rule:

5       40  3360 SNAT       all  --  *      *       10.8.0.0/24          0.0.0.0/0            to:202.54.1.5

Type the following command:
iptables -t nat -D POSTROUTING 5
OR
iptables -t nat --delete POSTROUTING 5
Verify it, enter:
# iptables -t nat -v -L POSTROUTING -n --line-number
Sample outputs:

Chain POSTROUTING (policy ACCEPT 94 packets, 6392 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       10   762 MASQUERADE  all  --  *      eth1    10.8.0.0/24          0.0.0.0/0           
2        0     0 MASQUERADE  all  --  *      eth1    10.8.0.0/24          0.0.0.0/0           
3        0     0 MASQUERADE  all  --  *      eth1    10.0.0.0/8           0.0.0.0/0           
4        0     0 MASQUERADE  all  --  *      eth1    10.0.0.0/8           0.0.0.0/0

Another syntax to remove specific postrouting rules from iptables (version 2)

Say, you execute the following postrouting command:
# iptables -t nat -A POSTROUTING -o eth1 -s 10.8.0.0/24 -j MASQUERADE
To delete, run the same above commands but replace the “-A” with “-D”
iptables -t nat -D POSTROUTING -o eth1 -s 10.8.0.0/24 -j MASQUERADE
Another example, run the same commands but replace the “-I” with “-D“. For example:
# iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -j SNAT --to 202.54.1.5
Becomes:
# iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -j SNAT --to 202.54.1.5
OR
# iptables -t nat --delete POSTROUTING -s 10.8.0.0/24 -j SNAT --to 202.54.1.5
The -D or --delete option delete one or more rules from the selected chain. There are two versions of this command, the rule can be specified as a number in the chain (version 1) or a rule to match (version 2) as described above.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft: