Menu
The iptables --append (-A) command allows you to add multiple identical rules, and you seem to have to run the same number of --delete (-D) commands to remove them again.
The iptables manpage says that the --delete command can delete one or more rules from the selected chain. How do I get the --delete command to remove all matching rules in a single operation?
In a script I can loop calling --delete until I get a non-zero exit status, but this seems crufty.
$ # Add two identical rules.
$ /sbin/iptables --append OUTPUT --protocol tcp --destination example.com --jump DROP
$ /sbin/iptables --append OUTPUT --protocol tcp --destination example.com --jump DROP
$ /sbin/iptables -L OUTPUT -v
Chain OUTPUT (policy ACCEPT 6 packets, 780 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- any any anywhere 93.184.216.119
0 0 DROP tcp -- any any anywhere 93.184.216.119
$ # Delete a single rule - can this remove all rules?
$ /sbin/iptables --delete OUTPUT --protocol tcp --destination example.com --jump DROP
$ /sbin/iptables -L OUTPUT -v
Chain OUTPUT (policy ACCEPT 6 packets, 716 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- any any anywhere 93.184.216.119
I'm using iptables v1.4.18 on Amazon Linux (their EC2 base image)
212
Delete All iptables rules (All chains) When you are looking to delete all rules in a chain, you can easily use flush option. Let us check how to use -F or --flush in this section. Be careful when deleting all rules as it may drop your ssh access to the server from the terminal.
Login to Management Console console using an SSH client (e.g. putty). Check iptables status ( which should be active). Check the applied iptables rules. Remove rule which enabled port 8080.
That is because iptables rules, by default, will not persist after a reboot. After configuring your system's iptables rules, there is one more important step thay you must do in order to make sure the rules are still there after a reboot.
I'm afraid you can't do it using just the iptables command line options. What you can do instead is use shell capabilities and xargs:
$ iptables [-t table] -S [chain] | grep [your pattern] | cut -d " " -f 2- | xargs -rL1 iptables [-t table] -D
For example, using your numbers above:
$ iptables -S OUTPUT | grep 93.184.216.119 | cut -d " " -f 2- | xargs -rL1 iptables -D
You can use it also for different tables:
$ iptables -t nat -S | grep 93.184.216.119 | cut -d " " -f 2- | xargs -rL1 iptables -t nat -D
I know this is an old question and probably won't be very helpful to OP, but maybe someone else will stumble upon this problem.
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
