To delete specific rules from iptables, you typically need to know the detailed information about the rule, including which chain it resides on (e.g., INPUT, FORWARD, or OUTPUT), and the rule's specific content. There are two common methods to remove rules from iptables:
Method 1: Delete by Rule Number
Each rule has a unique identifier within its chain. First, list all current rules with their numbers:
sudo iptables -L --line-numbers
This will display a number before each rule, which is the rule's identifier. Then, you can delete a specific rule using its identifier. For example, to delete the rule numbered 3 on the INPUT chain, use:
sudo iptables -D INPUT 3
Note that after deleting a rule, the numbering of subsequent rules will be adjusted.
Method 2: Delete by Rule Match Conditions
Another method is to specify the full match conditions of the rule. This approach does not rely on the rule number but on the rule's detailed content. For example, if you have a rule allowing all traffic from IP 192.168.1.100, you can delete it with:
sudo iptables -D INPUT -s 192.168.1.100 -j ACCEPT
In this example, -D indicates deletion, INPUT is the chain, -s 192.168.1.100 specifies the source address, and -j ACCEPT indicates the action to accept the traffic.
Important Note: Before deleting a rule, ensure you fully understand its purpose to prevent unintended disruption of network services. If unsure, consider temporarily disabling the rule instead of deleting it entirely, using the following command:
sudo iptables -I INPUT -s 192.168.1.100 -j DROP
Here, -I is used to insert a new rule, and -j DROP indicates discarding matching packets, effectively simulating the deletion effect. If there are no issues, proceed with the deletion.