Skip to main content

Linux iptables delete prerouting rule commandица

Step 1 – List the pretrouting rules

The syntax is as follows:
sudo iptables -t nat -v -L PREROUTING -n --line-number
OR
sudo iptables -t nat -v -L -n --line-number
Iptables list the pretrouting rules on Linux
Where,

  • -t nat : Select nat table.
  • -v : Verbose output.
  • -L : List all rules in the selected chain. In other words, show all rules in nat table.
  • -L PREROUTING – Display rules in PREROUTING chain only.
  • -n : Numeric output. IP addresses and port numbers will be printed in numeric format.
  • --line-number : When listing rules, add line numbers to the beginning of each rule, corresponding to that rule�s position in the chain. You need to use line numbers to delete nat rules.

Step 2 – Iptables delete prerouting nat rule

The syntax is:
sudo iptables -t nat -D PREROUTING {rule-number-here}
To delete rule # 1 i.e. the following rule:

1    15547  809K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.147.164.8:80

Type the following command:
sudo iptables -t nat -D PREROUTING 1
OR
sudo iptables -t nat --delete PREROUTING 1
Verify that rule has been deleted from the PREROUTING chain , enter:
sudo iptables -t nat -v -L PREROUTING -n --line-number

Linux iptables remove prerouting command

Here is another DMZ rule:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
To remove prerouting command, run:
sudo iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
Make sure you save updated firewall rules, either modifying your shell scripts or by running iptables-save command as described here.

Alternate syntax to remove specific PREROUTING rules from iptables

Say, you execute the following iptables PREROUTING command for port redirection:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
To delete, run the same above command but replace the “-A” with “-D“:
sudo iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
Another example, run the same command but replace the “-I" with "-D". For example, say you have the following rule that redirect SSH (TCP 22) from port 2222 to port 22:
sudo iptables -t nat -I PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22
Becomes:
sudo iptables -t nat -D PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22
OR
sudo iptables -t nat --delete PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22

Back to top