
How to list and delete iptables firewall rules


Iptables is one of the main firewall management tools used in Linux systems, allowing you to filter network traffic according to specified rules. While in many server configurations the rules are created once and rarely changed, sometimes you may need to review, update, or completely remove certain firewall rules. In this tutorial, you will learn how to view, filter, and delete active iptables rules in the Linux operating system.


Preparation

Before you start, make sure you have the iptables firewall installed on your operating system and that you are using a privileged user account with sudo permissions.


Viewing Rules by Specification

First, let’s see how to list the firewall rules. To list all active rules by specification, use the command:

sudo iptables -S



View a Specific Rule Chain

If you want to view only specific rules, such as those in the INPUT, OUTPUT, TCP, etc. chains, you can specify the chain name after the -S argument. For example, to view the INPUT chain:

sudo iptables -S INPUT


Viewing Rules in Table Format

Viewing rules in a table format can be useful when you need to compare different rules together. To view all active rules in a table, use the -L argument:

sudo iptables -L



If you want to filter the rules in the table by a specific chain (e.g., INPUT, OUTPUT, TCP, etc.), type the chain name after the -L argument:

sudo iptables -L INPUT

The first line shows the chain name (in this case, INPUT) along with the default policy (ACCEPT). The next lines show each rule in the chain.

  • target: what happens to a packet if the rule matches (accept, drop, redirect, etc.).
  • prot: protocol (tcp, udp, icmp, or all).
  • opt: IP options (rarely used).
  • source: source IP or network.
  • destination: destination IP or network.

The last (unnamed) column specifies the rule options, such as source/destination ports and states.


Viewing Packet Counts and Total Size

When reviewing iptables rules, you can also see the number of packets and the total size in bytes that matched a given rule. This is useful for seeing which rules are actively matching packets. To view this, use the -L and -v parameters together. For example, to view the INPUT chain with -v:

sudo iptables -L INPUT -v


Resetting Packet and Byte Counters

If you want to clear or reset the packet and byte counters, use the -Z parameter. The counters are also cleared when the operating system is restarted. Resetting them is useful when you want to check whether traffic is currently hitting a particular rule.

To clear counters for all chains and rules:

sudo iptables -Z

To clear counters for all rules in a specific chain (e.g., INPUT):

sudo iptables -Z INPUT


To clear counters for a specific rule, specify the chain name and the rule number. For example, to clear counters for the first rule in the INPUT chain:

sudo iptables -Z INPUT 1


Deleting Rules by Specification

One way to delete rules is to provide their specification with the -D parameter. For example, to delete a rule that drops invalid incoming packets:

sudo iptables -D INPUT -m conntrack --ctstate INVALID -j DROP

Note that the rule specification is the same one used when the rule was created, except that the -A parameter (which appends the rule to a chain) is replaced by -D.


Deleting Rules by Chain and Number

Another way is to use the chain name and line number. First, list the rules with line numbers:

sudo iptables -L --line-numbers

Then delete a rule by giving its chain name and line number. For example, to delete the third rule in the INPUT chain:

sudo iptables -D INPUT 3


Flushing Chains

Iptables allows you to flush chains - this removes all rules in that chain.

Flush a single chain:

sudo iptables -F INPUT

Flush all chains:

sudo iptables -F
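As an added example (not part of the original tutorial), the following POSIX shell script works from a constructed iptables -S listing: it turns each -A rule of a chain into the equivalent -D command used under "Deleting Rules by Specification", and, before a flush, reads the chain's default policy, because -F removes the rules but leaves the policy in place, so flushing a chain whose policy is DROP leaves nothing accepted. The sample listing and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output (assumption: not captured
# from a real host). -P lines carry the chain policy, -A lines the rules.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT'

# Read a listing on stdin and print, for every "-A <chain> ..." line of
# the given chain, the matching "iptables -D <chain> ..." command.
delete_commands_for_chain() {
    chain="$1"
    while IFS= read -r line; do
        case "$line" in
            "-A $chain "*) printf 'iptables -D %s\n' "${line#-A }" ;;
        esac
    done
}

# Read a listing on stdin and print the default policy of the given chain.
# Returns 1 if the chain has no -P line (user-defined chains have none).
chain_policy() {
    chain="$1"
    while IFS= read -r line; do
        case "$line" in
            "-P $chain "*) printf '%s\n' "${line#-P $chain }"; return 0 ;;
        esac
    done
    return 1
}

# Succeeds only when the chain's policy is ACCEPT: -F empties the chain
# but keeps the policy, so a DROP policy would then block all traffic.
flush_is_safe() {
    chain="$1"
    policy=$(chain_policy "$chain") || return 1
    [ "$policy" = "ACCEPT" ]
}

# Stand-alone demo: deletion commands for INPUT, then the flush verdict.
printf '%s\n' "$SAMPLE_RULES" | delete_commands_for_chain INPUT
if printf '%s\n' "$SAMPLE_RULES" | flush_is_safe INPUT; then
    echo "INPUT: policy ACCEPT, flushing only removes the rules"
else
    echo "INPUT: policy is not ACCEPT, flushing would leave all traffic blocked"
fi
```

On a live host, replace the sample with the real listing (for example, `sudo iptables -S | delete_commands_for_chain INPUT`) and review the printed commands before running any of them.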


Iptables provides great flexibility and allows you to effectively manage firewall rules on Linux systems. With just a few basic iptables commands, you can perform detailed rule and chain viewing, filtering, editing, and deletion.



