How to Properly Remove a Blocked IP Address from iptables Firewall Rules


When working with iptables firewall rules, you might run into frustration when trying to remove a specific blocked IP address. Error messages such as "Index of deletion too big" or "Bad rule" typically point to one of the situations below:

# Common error examples
iptables -D INPUT 35964      # Fails with "Index of deletion too big": 35964 is the byte counter from "iptables -L -v", not a rule number
iptables -D INPUT -s 24.7.56.95 -j DROP  # Fails with "Bad rule": the specification does not repeat every component of the existing rule

Rule numbers shift whenever a rule is inserted or deleted, so it is safer to identify a rule and delete it by its full specification:

# First, list all rules with line numbers (-n avoids slow reverse DNS lookups, -v shows the interface columns)
iptables -L INPUT -n -v --line-numbers

# Then delete by repeating the rule's full specification: every match shown in the listing
# (for example an interface match such as "! -i lo") must be given, or iptables reports "Bad rule"
iptables -D INPUT -s 24.7.56.95 -j DROP

If the rule still will not delete, try these approaches:

# The rule may exist in several chains or tables; iptables-save dumps all of them
# (-F treats the dots in the address literally rather than as regex wildcards)
iptables-save | grep -F 24.7.56.95

# For complex rule matching:
iptables -D INPUT -s 24.7.56.95 -p tcp --dport 22 -j DROP

# When dealing with multiple matching rules: delete from the highest number down,
# because deleting a rule renumbers every rule below it
for rule_num in $(iptables -L INPUT -n --line-numbers | grep -F 24.7.56.95 | awk '{print $1}' | sort -rn); do
    iptables -D INPUT "$rule_num"
done

On production systems, consider these more maintainable approaches:

# Using rule comments for easier management (the comment shows up in listings and in iptables-save)
iptables -A INPUT -s 24.7.56.95 -m comment --comment "Blocked for brute force attempts" -j DROP

# Then delete with the same full specification; the comment is part of the rule and must match,
# but the address and target still have to be given as well
iptables -D INPUT -s 24.7.56.95 -m comment --comment "Blocked for brute force attempts" -j DROP

# Alternative: dump, filter and restore. iptables-restore replaces the whole ruleset,
# so review the backup file before feeding the filtered version back in
iptables-save > /tmp/iptables.backup
grep -vF "24.7.56.95" /tmp/iptables.backup | iptables-restore
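As an added example (not code from the original post), the following POSIX shell script serves both the multiple-matching-rules loop and the dump-and-restore alternative above: it builds delete commands from `iptables -S`, which prints every rule in the exact option syntax iptables accepts, so interface negations, comments and extra matches that make a hand-typed `-D` fail with "Bad rule" are preserved. The sample ruleset at the bottom is constructed so the generator can be exercised without root.

```shell
#!/bin/sh
# delete_cmds_for_ip IP   (stdin: output of "iptables -S", optionally with -t TABLE)
# Prints one "-D CHAIN ..." line for every rule whose -s or -d is exactly IP or IP/32.
delete_cmds_for_ip() {
    awk -v ip="$1" '
        /^-A / {
            for (i = 2; i < NF; i++) {
                # Compare whole fields: a substring grep for 24.7.56.95 would
                # also match 124.7.56.95, an exact field comparison does not.
                if (($i == "-s" || $i == "-d") &&
                    ($(i + 1) == ip || $(i + 1) == ip "/32")) {
                    sub(/^-A /, "-D ")   # same specification, append -> delete
                    print
                    break
                }
            }
        }'
}

# remove_ip_rules IP [TABLE]: apply the generated deletes to the live ruleset.
# iptables -S double-quotes comment strings, so eval rebuilds the arguments
# exactly; deleting by specification means no rule numbers shift underneath.
remove_ip_rules() {
    table="${2:-filter}"
    iptables -t "$table" -S | delete_cmds_for_ip "$1" |
    while IFS= read -r spec; do
        eval "iptables -t \"$table\" $spec"
    done
}

# Constructed sample of "iptables -S" output for a dry run (not a real host's rules).
SAMPLE='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT ! -i lo -s 24.7.56.95/32 -j DROP
-A INPUT -s 24.7.56.95/32 -p tcp -m tcp --dport 22 -m comment --comment "Blocked for brute force attempts" -j DROP
-A INPUT -s 124.7.56.95/32 -j DROP
-A FORWARD -d 24.7.56.95/32 -j DROP
-A f2b-sshd -s 10.0.0.5/32 -j REJECT --reject-with icmp-port-unreachable'

# Dry run: show what would be deleted for the blocked address
printf '%s\n' "$SAMPLE" | delete_cmds_for_ip 24.7.56.95
```

Run `remove_ip_rules 24.7.56.95` as root to apply the deletes to the filter table; pass a second argument (for example `nat`) for another table.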

After making changes, always verify:

# Check that the rule was removed (no output means no rule still references the address)
iptables -L INPUT -n | grep -F 24.7.56.95

# Monitor further connection attempts; this only shows anything if a LOG rule writes to syslog,
# and the log path varies by distribution (/var/log/messages, /var/log/syslog or journalctl -kf)
tail -f /var/log/messages | grep -F --line-buffered 24.7.56.95

When working with iptables firewall rules, you might encounter frustrating errors like:

iptables: Index of deletion too big
iptables: Bad rule (does a matching rule exist in that chain?)

These typically occur when attempting to remove rules by:

  • Incorrect rule numbers
  • Mismatched rule specifications
  • Trying to delete non-existent rules

Method 1: Delete by Rule Number (Properly)

First, list all rules with line numbers (-n avoids reverse DNS lookups that can hide the address):

iptables -L INPUT -n --line-numbers

Then delete using the number from the leftmost "num" column (not the packet or byte counters that "iptables -L -v" prints):

iptables -D INPUT [rule_number]

Method 2: Delete by Exact Rule Match

For this example rule, as shown by "iptables -L INPUT -v" (the leading 405 and 35964 are the packet and byte counters, not rule numbers):

405 35964 DROP       all  --  !lo    *       IP_ADDRESS     0.0.0.0/0

Delete it with a specification that repeats every component of the listing. The "!lo" in the "in" column means the rule was created with "! -i lo", so that match must be included or iptables reports "Bad rule":

iptables -D INPUT ! -i lo -s IP_ADDRESS -j DROP

For Complex Rulesets (iptables-restore replaces the entire ruleset, so check the filtered output first; -F matches the address literally):

iptables-save | grep -vF "IP_ADDRESS" | iptables-restore

If Rules Persist (these commands are for the classic RHEL/CentOS init script; on systemd hosts the equivalent comes from the iptables-services or netfilter-persistent package):

service iptables save
service iptables restart

Common mistakes that cause deletions to fail:

  • Not using the exact same rule syntax when deleting
  • Confusing chain names (INPUT vs FORWARD)
  • Forgetting that rule numbers change after deletions
  • Not saving changes persistently

Remember that iptables rules are case-sensitive and require precise matching of all rule components for successful deletion.