Saturday, 8 June 2013

How to remove a rule from iptables

I want to remove a rule from iptables that I had added earlier to block one IP's traffic to and from the server. Here is how I found the rule and removed it.

IP which is blocked: 123.456.78.90

This rule cuts off all communication between my server and the IP 123.456.78.90 (the protocol column in the listing below reads `all`, so it is not limited to TCP).

Now I want to remove this rule so that 123.456.78.90 can easily connect to my server.

So first I need to find out which line number this rule has, using the command below.

iptables -vnL --line-numbers | grep -F 123.456.78.90

7        0     0 DROP       all        123.456.78.90          
8        0     0 DROP       all            123.456.78.90         

The first column is the line number, which is one of the key things we need.

Now we also need to know which 'Chain' this rule comes under, because line numbers restart at 1 for every chain, so the number alone does not identify a rule. To find the chain I grep the IP in the /etc/sysconfig/iptables file, which stores all the iptables rules in plain text. In our example, the chain this rule comes under is 'TDENY'.

grep 123.456.78.90 /etc/sysconfig/iptables

-A TDENY -s 123.456.78.90/32   -j DROP
-A TDENY -d 123.456.78.90/32 -j DROP

The commands to remove these two rules are below. Delete the higher-numbered rule first: once rule 7 is gone, the old rule 8 becomes rule 7, and `iptables -D TDENY 8` would then hit a different rule or fail.

iptables -D TDENY 8
iptables -D TDENY 7

The format is

iptables -D <chain name> <line number>

And don't forget to save your work, otherwise the deletion is lost the next time the iptables service is restarted and the rules are reloaded from /etc/sysconfig/iptables. To save it use the command below:

/etc/init.d/iptables save
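As an added example (not part of the original post), the same procedure as a small shell script: it reads a chain listing, picks out the rule numbers that mention the IP, and prints the `iptables -D` commands highest number first so the numbers do not shift between deletions. The chain name TDENY, the IP 123.456.78.90 and the listing text are constructed for the example.

```shell
#!/bin/sh
# Added example: delete every rule in one chain that mentions an IP, by line
# number, highest number first so the remaining numbers do not shift.

# Print the line numbers of rules (read from stdin) that mention IP, highest first.
# grep -F treats the dots in the IP literally; -w makes it a whole-field match so
# 123.456.78.9 does not also match 123.456.78.90.
rule_numbers_for_ip() {
    ip="$1"
    grep -F -w -- "$ip" | awk '{print $1}' | grep -E '^[0-9]+$' | sort -rn
}

# Build the iptables -D commands for CHAIN / IP from a listing on stdin.
# The commands are printed rather than executed so they can be reviewed first.
delete_commands() {
    chain="$1"; ip="$2"
    rule_numbers_for_ip "$ip" | while read -r n; do
        printf 'iptables -D %s %s\n' "$chain" "$n"
    done
}

# Constructed sample of `iptables -vnL TDENY --line-numbers` output
# (filter table); IPs and counters are made up for the example.
SAMPLE_LISTING='Chain TDENY (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  *      *       10.9.8.7             0.0.0.0/0
7        0     0 DROP       all  --  *      *       123.456.78.90        0.0.0.0/0
8        0     0 DROP       all  --  *      *       0.0.0.0/0            123.456.78.90
9        0     0 DROP       all  --  *      *       123.456.78.9         0.0.0.0/0
'

if [ "${1:-}" = "--demo" ]; then
    # Prints: iptables -D TDENY 8 / iptables -D TDENY 7 (rule 9 is a different IP)
    printf '%s' "$SAMPLE_LISTING" | delete_commands TDENY 123.456.78.90
    # Against a live system, as root, you would feed the real listing instead:
    #   iptables -vnL TDENY --line-numbers | delete_commands TDENY 123.456.78.90 | sh
fi
```

Run with `--demo` to see the generated commands for the sample listing; only the final `| sh` on a live listing actually changes the firewall.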
