iptables remove specific rules

I am hosting special HTTP and HTTPS services on the ports 8006 and 8007 respectively. I use IPTABLES to ‘active’ the server; i.e. to route the incoming HTTP and HTTPS ports:

iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8006 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8007 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8006 
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8007  
iptables -A OUTPUT -t nat -d -p tcp --dport 80 -j REDIRECT --to-ports 8006
iptables -A OUTPUT -t nat -d -p tcp --dport 443 -j REDIRECT --to-ports 8007 

This works like a charm. However I would like to create another script that disables my server again. I.e. restores IPTABLES to the state it was before running the lines above. However I am having a hard time figuring out the syntax to remove these 6 rules. The only thing that seems to work is a complete flush:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT

But that will also delete other iptables rules which is undesired.

How to write specific iptables rules using python-iptables

I am trying to use python-iptables to write a script to set certain rules. I figured out how to set rules to allow all and deny all, but I need to figure out how to write a rule to allow established c

iptables input, ouput rules

I need help with this iptables rules. I don’t understand why is needed INPUT rule for port 8080 server with public ip iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -I INPUT

IPTables Rules Order

I am trying to implement IPTables rules for traffic on port 443. I want to allow NEW connections up until they reach a rate limit, then drop them and log the dropped packets (I’ll add rate limiting to

Iptables rules conflict

I am using a CentOS 5 VPS. I am running sshd and pptpd on it. Both work fine ( having no firewall rules ), but I felt the need of a firewall. I’m not really into iptables and I think there’s some sort

Removing specific iptables rule

I have the following iptable rules and need help removing it if possible? iptables -t nat -I PREROUTING -p tcp –dport 12348 -j DNAT –to-destination iptables -t nat -I PREROUTING -p

Creating firewall rules using iptables

Is there any way to construct a firewall rule using iptables which filters packets on both input and output? I’ve only been able to find rules like the following which allow you to designate it as a

Iptables rules validation

I have a perl script that generates a shell script that will later be loaded by iptables on a remote machine. The data input for the perl script comes from a config file, where I can specify all kind

Iptables: how to easily group rules in chain?

I have some netfilter rules like this: iptables -I INPUT -j NFQUEUE -p udp –dport 4444 iptables -t mangle -I INPUT -j MARK –set-mark 100 -p udp –dport 4444 iptables -I OUTPUT -j NFQUEUE -p udp –sp

remove specific rules out of inline CSS

i’d like to remove some specific css rules (i.e. width and height) out of inline style attributes. so i want to transform the following: <table id=foo style=border:1px #000 solid; width: 100px;

iptables Drop Policy will drop my accept rules

I have set up several iptables rules , and at the end I set The Policies to Drop But It will Drop every thing even my rules iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptable


Execute the same commands but replace the “-A” with “-D”. For example:

iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT


iptables -D INPUT -i eth0 -p tcp --dport 443 -j ACCEPT

You may also use the rule’s number (–line-numbers):

iptables -L INPUT --line-numbers

Example output :

Chain INPUT (policy ACCEPT) 
    num  target prot opt source destination
    1    ACCEPT     udp  --  anywhere  anywhere             udp dpt:domain 
    2    ACCEPT     tcp  --  anywhere  anywhere             tcp dpt:domain 
    3    ACCEPT     udp  --  anywhere  anywhere             udp dpt:bootps 
    4    ACCEPT     tcp  --  anywhere  anywhere             tcp dpt:bootps

So if you would like to delete second rule :

iptables -D INPUT 2

The best solution that works for me without any problems looks this way:
1. Add temporary rule with some comment:

comment=$(cat /proc/sys/kernel/random/uuid | sed 's//-//g')
iptables -A ..... -m comment --comment "${comment}" -j REQUIRED_ACTION

2. When the rule added and you wish to remove it (or everything with this comment), do:

iptables-save | grep -v "${comment}" | iptables-restore

So, you’ll 100% delete all rules that match the $comment and leave other lines untouched. This solution works for last 2 months with about 100 changes of rules per day – no issues.Hope, it helps

First list all iptables rules with this command:

iptables -S
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

Then copy the specific rule you want to delete.

Finally delete the rule with this command:

iptables -D INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT