18.3.2. Command Options


Command options instruct iptables to perform a specific action. Only one command option is allowed per iptables command. With the exception of the help command, all commands are written in upper-case characters.
The iptables commands are as follows:
  • -A — Appends the iptables rule to the end of the specified chain. This is the command used to add a rule when rule order in the chain does not matter.
  • -C — Checks a particular rule before adding it to the user-specified chain. This command can help you construct complicated iptables rules by prompting you for additional parameters and options.
  • -D — Deletes a rule in a particular chain by number (such as 5 for the fifth rule in a chain). You can also type the entire rule, and iptables deletes the rule in the chain that matches it.
  • -E — Renames a user-defined chain. This does not affect the structure of the table.
  • -F — Flushes the selected chain, which effectively deletes every rule in the the chain. If no chain is specified, this command flushes every rule from every chain.
  • -h — Provides a list of command structures, as well as a quick summary of command parameters and options.
  • -I — Inserts a rule in a chain at a point specified by a user-defined integer value. If no number is specified, iptables places the command at the top of the chain.

    Warning

    Be aware when using the -A or -I option that the order of the rules within a chain are important for determining which rules apply to which packets.
  • -L — Lists all of the rules in the chain specified after the command. To list all rules in all chains in the default filter table, do not specify a chain or table. Otherwise, the following syntax should be used to list the rules in a specific chain in a particular table:
    iptables -L <chain-name> -t <table-name>
    Additional options for the -L command option, which provide rule numbers and allow more verbose rule descriptions, are described in Section 18.3.6, “Listing Options”.
  • -N — Creates a new chain with a user-specified name.
  • -P — Sets the default policy for the specified chain, so that when packets traverse an entire chain without matching a rule, they are sent on to the specified target, such as ACCEPT or DROP.
  • -R — Replaces a rule in the specified chain. The rule's number must be specified after the chain's name. The first rule in a chain corresponds to rule number one.
  • -X — Deletes a user-specified chain. Deleting a built-in chain for any table is not allowed.
  • -Z — Zeros the byte and packet counters in all chains for a table.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.