

How to delete a PREROUTING rule in iptables from the Linux command line?

Need to delete a PREROUTING rule on a Linux server?

This guide is for you.

The iptables command and the ip6tables command are used to set up, maintain, and inspect the tables of IPv4 and IPv6 packet filter rules in the Linux kernel.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform Firewall related tasks on their Servers.
In this article, we shall look at how to use the iptables command to delete a PREROUTING rule on a Linux system.

1. How to list PREROUTING rules in Linux?

To do this task, you need to be the root user of the Server (or use sudo, as in the examples below).
Then, execute the following command:

sudo iptables -t nat -v -L PREROUTING -n --line-numbers

OR

sudo iptables -t nat -v -L -n --line-numbers


Where:
i. -t nat : Select the nat table (PREROUTING lives in the nat table; without -t, iptables operates on the filter table).
ii. -v : Verbose output (adds the packet and byte counters and the in/out interfaces).
iii. -L : List all rules in the selected chain. Without a chain name, it shows all chains in the nat table.
iv. -L PREROUTING : Display rules in the PREROUTING chain only.
v. -n : Numeric output. IP addresses and port numbers are printed in numeric form instead of being resolved to names.
vi. --line-numbers : When listing rules, add a line number to the beginning of each rule, corresponding to that rule's position in the chain (iptables also accepts the shortened spelling --line-number). You need these line numbers to delete nat rules by position.

2. How to delete a PREROUTING nat rule in iptables?

The command to use is:

sudo iptables -t nat -D PREROUTING {rule-number-here}

For example, if the listing shows the following rule:

1    15547  809K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.147.164.8:80


You can delete rule number 1 by running the command:

sudo iptables -t nat -D PREROUTING 1

OR

sudo iptables -t nat --delete PREROUTING 1

Rule numbers are recomputed after every deletion, so if you remove several rules by number, list the chain again before each deletion (or delete from the highest number downwards). To verify that the rule has been deleted from the PREROUTING chain, execute:

sudo iptables -t nat -v -L PREROUTING -n --line-numbers

How to remove a PREROUTING rule by its rule specification in Linux iptables?

Here is another DMZ rule (a DNAT rule forwarding inbound HTTPS to an internal host):

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443

To remove this PREROUTING rule, run the same command with -D in place of -A:

sudo iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443

Make sure you save the updated firewall rules, either by modifying the shell scripts that load them or by running the iptables-save command (it prints the ruleset to standard output, so redirect it to the file your system restores at boot). Otherwise the deleted rule comes back at the next reboot or rule reload.

Alternative command to remove specific PREROUTING rules from iptables

For instance, you execute the following iptables PREROUTING command for port redirection:

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443

To delete it, run the same command but replace "-A" with "-D":

sudo iptables -t nat -D PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443

The same works for rules that were inserted with "-I": run the same command but replace "-I" with "-D". For example, say you have the following rule that redirects connections arriving on TCP port 2222 to the SSH port (TCP 22):

sudo iptables -t nat -I PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22

Becomes:

sudo iptables -t nat -D PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22

OR

sudo iptables -t nat --delete PREROUTING -p tcp --dport 2222 -j REDIRECT --to-ports 22
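The two sections above delete rules by rule specification. The following POSIX sh script is an added example (not from the original article or from the iptables project) that generalises the idea: it reads the chain with `iptables -S`, which prints each rule in exactly the -A form used to create it, rewrites the matching lines to -D commands, and checks each with -C before deleting, so several rules can be removed without the line-number shifting problem. The sample listing and the `spec_to_delete` / `delete_prerouting_rules` function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original article: remove every nat PREROUTING
# rule matching a pattern by rule specification instead of by line number, so
# the line-number shift after each deletion cannot remove the wrong rule.

# Constructed sample of `iptables -t nat -S PREROUTING` output, used for the
# dry run below; the policy line (-P) is not a rule and must be skipped.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.147.164.8:443
-A PREROUTING -p tcp -m tcp --dport 2222 -j REDIRECT --to-ports 22'

# spec_to_delete PATTERN: read `iptables -S` output on stdin, keep the -A
# PREROUTING rules whose text matches PATTERN (a grep basic regex), and rewrite
# each one into the corresponding -D command. Pure text filter, needs no root.
spec_to_delete() {
    grep '^-A PREROUTING ' | grep -- "$1" | sed 's/^-A PREROUTING /-D PREROUTING /'
}

# delete_prerouting_rules PATTERN: apply the rewritten specs to the live nat
# table. Each rule is checked with -C first, so a rule that vanished between
# listing and deletion is reported rather than aborting the loop. Assumes plain
# word-splittable rule text; specs carrying quoted arguments (e.g. -m comment)
# would need proper quoting before the unquoted expansion below.
delete_prerouting_rules() {
    iptables -t nat -S PREROUTING | spec_to_delete "$1" | while IFS= read -r spec; do
        rule=${spec#-D PREROUTING }
        # shellcheck disable=SC2086
        if iptables -t nat -C PREROUTING $rule 2>/dev/null; then
            iptables -t nat -D PREROUTING $rule && echo "deleted: $rule"
        else
            echo "not present: $rule"
        fi
    done
}

# Dry run on the constructed sample: prints only the planned delete command.
# Run `delete_prerouting_rules 'dport 443'` as root to apply it for real.
printf '%s\n' "$SAMPLE_RULES" | spec_to_delete 'dport 443'
```

Review the dry-run output before running the live function: the pattern is a regex applied to the whole rule text, so a loose pattern such as `tcp` would match every TCP rule in the chain.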




Conclusion

This article showed how to list and remove iptables PREROUTING chain nat rules on a Linux system. The -D or --delete option deletes one or more rules from the selected chain. There are two versions of this command: the rule can be specified either by its number in the chain or by a rule specification to match. To delete by rule specification, run the iptables command with the -D option followed by the same rule specification that was used to add the rule.