Iptables 9 Change Rules While in Use

Iptables 9

Change Rules While in Use

You have learnt how rules can be saved in a file, and pasted to Iptables. This may be easy when learning Iptables. However, when using Iptables in real life situations, it may be necessary to add, delete, or replace rules to an existing set up.

You have already used "-A." This appends or adds a rule to a chain after all of the other rules.

iptables -A INPUT -s 60.208.0.0/12 -j DROP

Rules can be deleted using "-D" and the line number. For example, to delete the 5th line on the INPUT chain, use:

iptables -D INPUT 5

To view line numbers at the beginning of each line, type:

iptables -L -n --line-numbers

A rule can be inserted using "-I," with the line number.

iptables -I INPUT 7 -s 202.96.0.0/12 -j DROP

This rule would be inserted at line 7 on the INPUT chain. If no line number is shown, it would be inserted as the first rule on that chain.

A rule can be replaced using "-R," with the line number.

iptables -R INPUT 12 -s 60.0.0.0/11 -j DROP

This rule would replace the rule at line 12 on the INPUT chain.

Saving Rules

If you change rules like this, and restart the computer, it will restart with the previous set of rules. Check that you have made changes correctly using "iptables -L -n," then save them. Rules can be saved using:

iptables-save > /etc/iptables.rules

Saving Rules When Shutting Down

To save the rules when the computer is turned off, add the following line to "/etc/network/interfaces."

post-down iptables-save > /etc/iptables.rules

The computer will then save the rules each time you turn it off.

It is a good idea for people learning this for the first time not to save the rules each time they turn the computer off. It is easy to make a mistake and mess up the firewall set up. It is safer to save them manually after you have checked that you have not made a mistake.

< Iptables 8 Add Chains

Iptables Summary >