How to manipulate iptables

List

List all rules in every chain of the filter table

# iptables -L

List rules in chain named INPUT

# iptables -L INPUT

List rule number 8 in chain named INPUT

# iptables -L INPUT 8

Delete

Delete rule number 9 in chain named INPUT

# iptables -D INPUT 9

Add

Append a rule to the bottom of the chain named INPUT. Example: allow ssh

# iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Insert

Insert a rule at position 8 of the chain named INPUT. Example: allow ssh only from 192.168.56.0/24

# iptables -I INPUT 8 -p tcp -s 192.168.56.0/24 --dport 22 -j ACCEPT

Note the double dash for --dport.


Step 1: back up the existing firewall rules

# iptables-save > iptables.save

Step 2: edit "iptables.save" and add the new rule

Note: the rule that allows the new port must sit above the reject/drop rules. iptables walks a chain from top to bottom and acts on the first rule that matches, so an ACCEPT placed below a REJECT or DROP for the same traffic is never reached.

Example (this is how the INPUT chain looks in "iptables -L" output once the rule for port 1002 is in the right place; inside iptables.save the same rules are written in iptables-save syntax, i.e. as "-A INPUT ..." lines, in this order):

ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:1002
DROP       icmp --  anywhere             anywhere            icmp any
REJECT     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp reject-with icmp-port-unreachable

Step 3: restore the rules from the edited file

# iptables-restore < iptables.save

Note: iptables-restore replaces the whole live ruleset with the contents of the file, so keep an untouched copy of the original backup to roll back with if the edit goes wrong.

Step 4: verify that the new rule is present in the running ruleset

# iptables -L
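Steps 1 to 4 as one script, added here as an example that is not part of the original page: the saved ruleset is edited so that the ACCEPT rule lands above the first REJECT/DROP rule of the INPUT chain (or before COMMIT when the chain has none), the placement is checked before anything is loaded, and the live firewall is touched only when --apply is given. The port number and the backup file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): automate steps 1-4 so the new
# ACCEPT rule is placed above the first REJECT/DROP rule of the INPUT chain.

# insert_accept_rule FILE PORT
# Rewrite FILE (iptables-save format) in place, adding an ACCEPT rule for
# tcp/PORT to the filter table's INPUT chain just before its first REJECT or
# DROP rule, or before COMMIT if the chain has none.
insert_accept_rule() {
    awk -v port="$2" '
        BEGIN { rule = "-A INPUT -p tcp -m state --state NEW -m tcp --dport " port " -j ACCEPT" }
        /^\*/ { table = substr($1, 2) }      # "*filter", "*nat", ... start a table
        !done && table == "filter" && $1 == "-A" && $2 == "INPUT" &&
            $0 ~ /-j (REJECT|DROP)( |$)/ { print rule; done = 1 }
        !done && table == "filter" && $1 == "COMMIT" { print rule; done = 1 }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# check_order FILE PORT
# Succeed only if the ACCEPT rule for tcp/PORT exists in the filter INPUT
# chain and no REJECT/DROP rule of that chain comes before it.
check_order() {
    awk -v port="$2" '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == "-A" && $2 == "INPUT" {
            if ($0 ~ ("--dport " port " -j ACCEPT")) seen = 1
            else if (!seen && $0 ~ /-j (REJECT|DROP)( |$)/) bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }
    ' "$1"
}

# apply_ruleset PORT: steps 1-4 against the live firewall (needs root).
# iptables-restore replaces the whole ruleset, so the untouched copy
# iptables.save.orig is the way back if the edit was wrong.
apply_ruleset() {
    iptables-save > iptables.save                 # step 1: back up live rules
    cp iptables.save iptables.save.orig           # keep an untouched copy
    insert_accept_rule iptables.save "$1"         # step 2: add the rule
    check_order iptables.save "$1" || { echo "rule not above REJECT/DROP" >&2; return 1; }
    iptables-restore < iptables.save              # step 3: load the edited set
    iptables -L INPUT -n --line-numbers           # step 4: verify
}

# Only touch the live firewall when asked explicitly:  sh script.sh --apply 1002
if [ "${1:-}" = "--apply" ]; then
    apply_ruleset "$2"
fi
```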