LinuxQuestions.org - about iptables

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - about iptables (https://www.linuxquestions.org/questions/linux-newbie-8/about-iptables-4175492230/)

If you've run iptables -A INPUT -j DROP, you've added a rule, not altered the chain policy.

To remove a single rule, you must know its number in the chain. The command iptables -L INPUT --line-numbers will produce a numbered list of the rules in the INPUT chain.

Once you know the number, you can delete the rule with iptables -D INPUT <number>. Replace <number> with the relevant number as shown in the list.

Quote:

Originally Posted by Ser Olmy (Post 5107287)

thx reply ,

Your method works fine to remove the chain rules that with line number , but I find that the DROP policy do not have line number , would advise what can I do ? thanks

#/sbin/iptables -L -v
Chain INPUT (policy DROP 4996 packets, 589K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- virbr0 any anywhere anywhere tcp dpt:domain
0 0 ACCEPT udp -- virbr0 any anywhere anywhere udp dpt:bootps

The policy doesn't have a rule number, because it's the chain policy, not a rule.

You change the policy with

Code:

iptables -P <CHAIN> <ACTION>

where <CHAIN> is the name of the chain (say, INPUT) and <ACTION> is either ACCEPT or DROP. The policy cannot be deleted.