Remove iptables PREROUTING NAT rule
Posted on March 14, 2017 • 2 minutes • 267 words
I’m still a fan of iptables. I know firewalld is most likely the “wrapped iptables” future, but let’s hold on to iptables for just a bit longer, shall we? This is a short how-to on cleaning up PREROUTING NAT rules. PREROUTING lives in the nat table, so a plain iptables -F (which only flushes the filter table) does not touch it, and removing individual rules works a bit differently.
I got in this situation trying to add tcp/udp prerouting to a machine that had to forward packets from one side of the network to another subnet … well anyway, my iptables contained multiple rules I wanted to get out. So let’s go!
First you need to find out which line it is:
iptables -t nat -L --line-numbers
The horrible result is:

iptables -t nat -L --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
2    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
3    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
4    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
5    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
6    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
7    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
So now, how do I remove a specific rule? By specifying the table (-t nat), then delete (-D), followed by the chain (PREROUTING) and the rule number (7):
iptables -t nat -D PREROUTING 7
And that’s it, no magic firewalld commands needed !
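Deleting one rule at a time by number gets tedious when the chain holds seven copies of the same DNAT, and every -D renumbers the rules after it. The script below is an added example, not from the post: it parses the listing format shown above (the sample is a constructed copy of the post's output), finds the rules in a chain that repeat an earlier one, and prints the delete commands highest number first so the numbers stay valid while you work through them. The function names duplicate_rule_numbers and plan_deletes are my own.

```shell
#!/bin/sh
# Constructed sample: the nat-table listing from the post, as
# `iptables -t nat -L --line-numbers` prints it (OUTPUT chain omitted).
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
2    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
3    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
4    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
5    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
6    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161
7    DNAT       udp  --  anywhere             anywhere             udp dpt:snmptrap to:10.1.255.245:161

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  anywhere             anywhere
'

# duplicate_rule_numbers CHAIN: read a listing on stdin and print the numbers of
# rules in CHAIN whose text (everything after the number) repeats an earlier rule.
# Highest number first: deleting rule 7 leaves rules 1-6 as they are, but deleting
# rule 2 first would turn the old 7 into 6, so ascending deletes hit the wrong rules.
duplicate_rule_numbers() {
    awk -v chain="$1" '
        /^Chain /  { in_chain = ($2 == chain); next }   # track which chain we are in
        !in_chain || /^num / || NF == 0 { next }         # skip other chains, header, blanks
        {
            num = $1; $1 = ""; rule = $0                  # rule text with the number stripped
            if (rule in seen) print num
            seen[rule] = 1                                # the first copy is the one we keep
        }' | sort -rn
}

# plan_deletes CHAIN: print one `iptables -t nat -D` per duplicate, ready for review;
# pipe the output into sh only after checking it (the commands need root).
plan_deletes() {
    duplicate_rule_numbers "$1" | while read -r n; do
        echo "iptables -t nat -D $1 $n"
    done
}

# Example run on the constructed listing: prints the deletes for rules 7 down to 2.
printf '%s\n' "$SAMPLE_LISTING" | plan_deletes PREROUTING
```

Run it against the live firewall with `iptables -t nat -L --line-numbers | plan_deletes PREROUTING` and only then feed the printed commands to sh.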