How to Remove/Undo iptables Port Forwarding Rule: Reverting 80→8020 Redirect



When you executed:

iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8020

You inserted (-I) a NAT rule at the top of the PREROUTING chain that redirects TCP traffic destined for port 80 to port 8020. The --source 0/0 and --destination 0/0 options mean it applies to all IP addresses.

Before removing, let's list current NAT rules:

iptables -t nat -L -n --line-numbers

Sample output might show:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source     destination         
1    REDIRECT   tcp  --  0.0.0.0/0  0.0.0.0/0    tcp dpt:80 redir ports 8020

To delete by rule number (recommended method):

iptables -t nat -D PREROUTING 1

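Where 1 is the rule number from the --line-numbers output. Rule numbers shift after every insertion or deletion, so list the rules again before deleting another one.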

If you don't know the rule number, you can delete by matching parameters:

iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8020

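Warning: The rule specification must match the existing rule exactly, including any optional parameters it was created with. --source 0/0 and --destination 0/0 are the defaults, so they can be omitted here.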

Check that the rule is gone:

iptables -t nat -L -n

You should no longer see the port 80 redirect in the PREROUTING chain.

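If you originally saved the rule (e.g., with iptables-save or distribution-specific tools), you'll need to save the ruleset again after deleting it; otherwise the redirect comes back on the next reload or reboot: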

# For systems using iptables-persistent:
sudo netfilter-persistent save
sudo netfilter-persistent reload

# Or manually:
iptables-save > /etc/iptables/rules.v4

Here's a full workflow:

# List rules with numbers
sudo iptables -t nat -L -n --line-numbers

# Delete rule 1 from PREROUTING
sudo iptables -t nat -D PREROUTING 1

# Verify removal
sudo iptables -t nat -L -n

# Make changes permanent (Debian/Ubuntu example)
sudo netfilter-persistent save
sudo netfilter-persistent reload

When you set up port forwarding from port 80 to 8020 using iptables, the typical command is:

iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8020

Before removing any rules, it's good practice to list your current NAT table rules:

iptables -t nat -L --line-numbers

This will output something like:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 8020

There are two main approaches to undo the port forwarding:

Method 1: Delete by Rule Number

iptables -t nat -D PREROUTING 1

Where "1" is the line number from the previous command output.

Method 2: Delete by Matching Parameters

iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8020

After deletion, verify with:

iptables -t nat -L

The port 80 redirect rule should no longer appear in the output.

If you want to completely clear all NAT rules (use with caution):

iptables -t nat -F

Note this will remove ALL NAT rules, not just your port 80 redirect.

On most Linux systems, iptables rules don't persist after reboot unless saved, so save the ruleset again once the redirect has been removed:

# For systems using iptables-persistent:
iptables-save > /etc/iptables/rules.v4

# For CentOS/RHEL:
service iptables save

# For systems with netfilter-persistent:
netfilter-persistent save

If you encounter problems:

  • Ensure you're running commands as root or with sudo
  • Check for multiple matching rules that might need removal
  • Verify no other services (like Docker) are managing iptables rules
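
For the "multiple matching rules" case above, the following sketch (an added example, not part of the original page) turns `iptables -t nat -S PREROUTING` output into one exact `-D` command per 80→8020 REDIRECT rule, so duplicates and variants with extra match options are all covered. The helper name and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. redirect_delete_cmds is a hypothetical helper name; the rule
# lines in SAMPLE_RULES are constructed, in the format `iptables -S` prints.

# Read `iptables -t nat -S PREROUTING` output on stdin and print one exact
# delete command for each TCP REDIRECT rule from port $1 to port $2.
redirect_delete_cmds() {
    rdc_dport=$1
    rdc_toport=$2
    while IFS= read -r rdc_line || [ -n "$rdc_line" ]; do
        # Trailing space added so "80" cannot match "8080" or "80:90".
        case "$rdc_line " in
            "-A PREROUTING "*"-p tcp "*"--dport $rdc_dport "*"-j REDIRECT --to-ports $rdc_toport "*)
                # The same spec with -A swapped for -D deletes exactly this rule.
                printf 'iptables -t nat -D%s\n' "${rdc_line#-A}"
                ;;
        esac
    done
}

# Constructed sample: two 80 -> 8020 redirects (one bound to an interface),
# plus rules that must be left alone.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8020
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 8020
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8020
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443'

# Demo on the constructed sample. On a live host, as root, review the output of
#   iptables -t nat -S PREROUTING | redirect_delete_cmds 80 8020
# before running the printed commands.
printf '%s\n' "$SAMPLE_RULES" | redirect_delete_cmds 80 8020
```

Because each printed command carries the full rule specification, the result does not depend on rule numbers, which change as rules are deleted.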