Чтобы посмотреть список текущих активных правил выполняем команду:
# /sbin/iptables -vnL --line-numbers
-v, —verbose — Verbose output. This option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix ’K’, ’M’ or ’G’ for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this). For appending, insertion, deletion and replacement, this causes detailed information on the rule or rules to be printed.
-n, —numeric — Numeric output. IP addresses and port numbers will be printed in numeric format. By default, the program will try to display them as host names, network names, or services (whenever applicable).
-L, —list [chain] — List all rules in the selected chain. If no chain is selected, all chains are listed. As every other iptables command, it applies to the specified table (filter is the default), so NAT rules get listed by
iptables -t nat -n -L
Please note that it is often used with the -n option, in order to avoid long reverse DNS lookups. It is legal to specify the -Z (zero) option as well, in which case the chain(s) will be atomically listed and zeroed. The exact output is affected by the other arguments given. The exact rules are suppressed until you use
iptables -L -v
—line-numbers — показать номера строк, чтобы потом можно было удалить какое-то из правил. When listing rules, add line numbers to the beginning of each rule, corresponding to that rule’s position in the chain.
Для просмотра всех возможных опций см. man iptables
Для того, чтобы удалить правило из IPTables служит команда D.
Например, чтобы удалить правило N из цепочки INPUT выполняем:
# /sbin/iptables -D INPUT N
