To remove the last line of the iptables rule in the PREROUTING chain, you can delete it by specifying the chain and rule number. First, check the exact rule number with:

sudo iptables -t nat -L PREROUTING --line-numbers -v -n

This will display each rule in the PREROUTING chain with its corresponding line number.

Once you have identified the line number for the rule you want to delete (in your case, the last rule for UDP on enp1s0), use the following command to delete it:

sudo iptables -t nat -D PREROUTING [line-number]

Replace [line-number] with the actual line number of the rule to delete. For example, if the last rule is number 3, you would use:

sudo iptables -t nat -D PREROUTING 3

To remove the specific SNAT rule from the POSTROUTING chain, you can follow these steps:

  1. List the rules with line numbers to identify the exact rule number for the SNAT rule you want to delete:
sudo iptables -t nat -L POSTROUTING --line-numbers -v -n
  1. Once you identify the rule number corresponding to this line:
2787  528K SNAT       0    --  *      *       10.7.0.0/24         !10.7.0.0/24          to:45.77.43.22
  1. Use the iptables -t nat -D POSTROUTING [line-number] command to delete the rule. Replace [line-number] with the rule’s line number.

For example, if the SNAT rule is the 4th rule in the POSTROUTING chain, the command would be:

sudo iptables -t nat -D POSTROUTING 4

This will remove the specific SNAT rule from the POSTROUTING chain.

If you accidentally removed a rule:

Chain POSTROUTING (policy ACCEPT 51126 packets, 3774K bytes)
pkts bytes target prot opt in out source destination
111K 15M MASQUERADE all – * enp1s0 10.8.0.0/24 0.0.0.0/0

To restore the MASQUERADE rule, you can re-add it with the following command:

sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp1s0 -j MASQUERADE

This rule will ensure that traffic from the 10.8.0.0/24 OpenVPN network is masqueraded when leaving through the enp1s0 interface. This should fix the issue and restore OpenVPN functionality.

You can confirm that the rule has been re-added by listing the rules again:

sudo iptables -t nat -L POSTROUTING -v -n