Remove a single iptables rule



Mattias Geniar, November 17, 2014


How do you remove a single iptables rule from a large ruleset? The easiest way is to delete it by chain name and line number. That avoids retyping the full rule specification, and it is unambiguous even when the same rule appears more than once in the chain. Here's an example.

~# iptables -n -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.5      owner UID match 0
2    ACCEPT     udp  --  0.0.0.0/0            192.168.1.6      owner UID match 0
...
30   ACCEPT     tcp  --  0.0.0.0/0            192.168.1.5      multiport dports 11211
31   ACCEPT     tcp  --  0.0.0.0/0            192.168.1.5      multiport dports 11211
32   ACCEPT     udp  --  0.0.0.0/0            192.168.1.6      multiport dports 11211
33   ACCEPT     udp  --  0.0.0.0/0            192.168.1.6      multiport dports 11211
...

To delete a rule in the OUTPUT chain, pass the chain name and the line number shown next to the rule. The numbers are per chain and per table: the listing above is the default filter table, so if the rule lives in another table, give the same -t option (for example -t nat) to both the listing and the delete command.

~# iptables -D OUTPUT 30

And poof, it's gone!

Two caveats. The rules below it are renumbered immediately, so after this the rule that was number 31 is now number 30; when deleting several rules, re-run the listing after each deletion or delete from the highest number down. And -D only changes the ruleset in the running kernel; if your rules are restored at boot from a saved file (iptables-save/iptables-restore or the distribution's iptables service), save them again or the rule comes back on the next reboot.
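The same approach, scripted: an added example (not from the original post) that parses the output format of iptables -n -L --line-numbers for one chain, picks the rules matching a pattern, and emits the iptables -D commands from the highest line number down, so that each deletion does not shift the numbers of the rules still to be deleted. The listing embedded in the script is constructed sample data, not taken from a real host, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): generate "iptables -D CHAIN N"
# commands for every rule in one chain that matches a pattern, highest
# line number first, so earlier deletions do not renumber the later targets.

# Constructed sample listing in the format of `iptables -n -L --line-numbers`
# (filter table). Rules 3 and 4 are deliberate duplicates, as are 5 and 6.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0        tcp dpt:22

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.5      owner UID match 0
2    ACCEPT     udp  --  0.0.0.0/0            192.168.1.6      owner UID match 0
3    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.5      multiport dports 11211
4    ACCEPT     tcp  --  0.0.0.0/0            192.168.1.5      multiport dports 11211
5    ACCEPT     udp  --  0.0.0.0/0            192.168.1.6      multiport dports 11211
6    ACCEPT     udp  --  0.0.0.0/0            192.168.1.6      multiport dports 11211'

# rule_numbers_matching CHAIN PATTERN
# Reads a listing on stdin; prints the line numbers of the rules in CHAIN
# whose text matches the awk regex PATTERN, highest number first.
rule_numbers_matching() {
    chain="$1"
    pattern="$2"
    awk -v chain="$chain" -v pat="$pattern" '
        # A "Chain NAME (...)" header switches which chain we are in.
        /^Chain / { in_chain = ($2 == chain); next }
        # Rule lines start with a number; the column header starts with "num".
        in_chain && $1 ~ /^[0-9]+$/ && $0 ~ pat { print $1 }
    ' | sort -rn
}

# build_delete_commands CHAIN PATTERN
# Reads a listing on stdin; prints one "iptables -D CHAIN N" per matching
# rule, already in the order they must be run (descending).
build_delete_commands() {
    chain="$1"
    pattern="$2"
    rule_numbers_matching "$chain" "$pattern" | while read -r n; do
        printf 'iptables -D %s %s\n' "$chain" "$n"
    done
}

# Dry run against the constructed sample: print the commands, do not run them.
# Against a live host (as root), review the output first, then pipe it to sh:
#   iptables -n -L --line-numbers | build_delete_commands OUTPUT 'dports 11211'
printf '%s\n' "$SAMPLE_LISTING" | build_delete_commands OUTPUT 'dports 11211'
```

The listing and the delete commands must come from the same table: for anything other than filter, add the same -t option to the iptables -n -L call and to the generated -D lines. Deleting in descending order is what keeps the numbers valid, since removing rule 3 first would turn the old rule 4 into rule 3 before the script got to it.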


