Linux iptables delete prerouting rule command

I am a new Linux server sysadmin. I need to delete the PREROUTING rule. How do I delete the prerouting rule on Linux server?

You need to use the iptables command and ip6tables command. These commands are used to set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel. Let us see how to use the iptables command to delete the pretrouting rule on the Linux system. You must be the root user to run these commands.

ADVERTISEMENTS

Step 1 – List the pretrouting rules

The syntax is as follows:
sudo iptables -t nat -v -L PREROUTING -n --line-number
OR
sudo iptables -t nat -v -L -n --line-number
Iptables list the pretrouting rules on Linux
Where,

  • -t nat : Select nat table.
  • -v : Verbose output.
  • -L : List all rules in the selected chain. In other words, show all rules in nat table.
  • -L PREROUTING – Display rules in PREROUTING chain only.
  • -n : Numeric output. IP addresses and port numbers will be printed in numeric format.
  • --line-number : When listing rules, add line numbers to the beginning of each rule, corresponding to that rules position in the chain. You need to use line numbers to delete nat rules.

Step 2 – Iptables delete prerouting nat rule

The syntax is:
sudo iptables -t nat -D PREROUTING {rule-number-here}
To delete rule # 1 i.e. the following rule:

1    15547  809K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.147.164.8:80

Type the following command:
sudo iptables -t nat -D PREROUTING 1
OR
sudo iptables -t nat --delete PREROUTING 1
Verify that rule has been deleted from the PREROUTING chain , enter:
sudo iptables -t nat -v -L PREROUTING -n --line-number

Linux iptables remove prerouting command

Here is another DMZ rule:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
To remove prerouting command, run:
sudo iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
Make sure you save updated firewall rules, either modifying your shell scripts or by running iptables-save command as described here.

Alternate syntax to remove specific PREROUTING rules from iptables

Say, you execute the following iptables PREROUTING command for port redirection:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
To delete, run the same above command but replace the “-A” with “-D“:
sudo iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
Another example, run the same command but replace the “-I" with "-D". For example, say you have the following rule that redirect SSH (TCP 22) from port 2222 to port 22:
sudo iptables -t nat -I PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22
Becomes:
sudo iptables -t nat -D PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22
OR
sudo iptables -t nat --delete PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22

Linux Iptables Delete prerouting Rule command

Iptables delete prerouting rule command examples

Related: Linux Iptables Delete postrouting Rule Command

Conclusion

We explained to you how to list and remove/delete iptables pretrouting chain nat rules on your Linux based system. The -D or --delete option delete one or more rules from the selected chain. There are two versions of this command, the rule can be specified as a number in the chain or a rule to match as described above. See iptables man page here and following pages for more info:

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS

Comments on this entry are closed.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.