Linux iptables delete prerouting rule command




I am a new Linux server sysadmin. I need to delete the PREROUTING rule. How do I delete the prerouting rule on a Linux server?

You need to use the iptables command and the ip6tables command. These commands are used to set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel. Let us see how to use the iptables command to delete a prerouting rule on a Linux system. You must be the root user to run these commands.

Step 1 – List the prerouting rules

The syntax is as follows:

sudo iptables -t nat -v -L PREROUTING -n --line-number

OR

sudo iptables -t nat -v -L -n --line-number



Where,

-t nat : Select the nat table.

-v : Verbose output.

-L : List all rules in the selected chain. In other words, show all rules in the nat table.

-L PREROUTING : Display rules in the PREROUTING chain only.

-n : Numeric output. IP addresses and port numbers will be printed in numeric format.

--line-number : When listing rules, add line numbers to the beginning of each rule, corresponding to that rule's position in the chain (iptables accepts --line-number as an unambiguous abbreviation of --line-numbers). You need to use line numbers to delete nat rules.

Step 2 – Iptables delete prerouting nat rule

The syntax is:

sudo iptables -t nat -D PREROUTING {rule-number-here}

To delete rule #1, i.e. the following rule from the listing:

1 15547 809K DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.147.164.8:80

Type the following command:

sudo iptables -t nat -D PREROUTING 1

OR

sudo iptables -t nat --delete PREROUTING 1

To verify that the rule has been deleted from the PREROUTING chain, enter:

sudo iptables -t nat -v -L PREROUTING -n --line-number
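The listing-then-delete procedure from Steps 1 and 2 has one trap: every deletion renumbers the rules that follow it, so deleting rule 1 and then rule 2 removes what used to be rule 3. The following added script (not part of the original article) parses a PREROUTING listing on stdin, picks out the DNAT rules that forward to a given host, and emits the -D commands highest number first so that the numbers stay valid. The listing in SAMPLE_LISTING is constructed for this example; on a real host you would pipe the live iptables output instead.

```bash
#!/bin/sh
# Constructed sample of: iptables -t nat -v -L PREROUTING -n --line-numbers
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT 12 packets, 720 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    15547  809K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.147.164.8:80
2      120  7200 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.147.164.8:443
3        5   300 DNAT       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:10.147.164.9:80'

# Read a verbose PREROUTING listing on stdin and print the rule numbers of
# DNAT rules whose "to:" destination host is $1, highest number first.
# Columns in -v output: num pkts bytes target prot opt in out src dst [extras]
matching_rule_numbers() {
    awk -v host="$1" '
        $1 ~ /^[0-9]+$/ && $4 == "DNAT" {
            for (i = 11; i <= NF; i++) {
                split($i, a, ":")            # "to:HOST:PORT" -> a[1]="to", a[2]=HOST
                if (a[1] == "to" && a[2] == host) print $1
            }
        }' | sort -rn
}

# Turn those numbers into delete commands, one per line (dry run: nothing is
# executed, so the output can be reviewed before it is run as root).
delete_commands() {
    matching_rule_numbers "$1" | while read -r n; do
        printf 'iptables -t nat -D PREROUTING %s\n' "$n"
    done
}

# Demo against the constructed listing. On a live system use:
#   sudo iptables -t nat -v -L PREROUTING -n --line-numbers | delete_commands 10.147.164.8
printf '%s\n' "$SAMPLE_LISTING" | delete_commands 10.147.164.8
```

Review the printed commands, run them in the order given, then re-list the chain and save the rules as described below.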

Linux iptables remove prerouting command

Here is another DMZ rule:

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443

To remove this prerouting rule, run the same command with -A (append) replaced by -D (delete):

sudo iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443

Make sure you save the updated firewall rules, either by modifying your shell scripts or by running the iptables-save command; otherwise the deleted rule will come back on the next reboot or rule reload.

Alternate syntax to remove specific PREROUTING rules from iptables