how to delete a group of rules (nfcan: addressed to exclusive
sender for this address)
Jim Laurino
nfcan.x.jimlaur at dfgh.net
Sat Nov 27 19:12:50 CET 2004
On 2004.11.27 12:17, Alexis - alexis at tpys.com.ar wrote:
> Hi all, I'm coding a frontend for iptables based on PHP and MySQL.
>
> But I have an issue when I try to delete a group of rules; it can't be done.
>
> suppose this
>
> a chain called "x1"
>
> delete the chain implies
>
> - empty the chain
> - delete all rules that reference the chain
For what it's worth, I would empty the chain
after I deleted the references.
>
> the first line is easy to do with iptables -F x1, but if (as an example)
> in filter::INPUT I have 2 or more references to this chain, executing
> iptables -D INPUT -j x1 will delete only the first one and not all rules
> that reference x1.
I believe that any rule can be deleted by specifying the exact parameters
used to create it, that is, changing the -A to -D and leaving
the rest of the command unchanged (for example -p tcp, or -d x.x.x.x, etc.).
Surely each rule in a table has a unique pattern, or why would it be there?
This does not, as you say, allow for deletion of a group of related commands;
however, it should let you accomplish what you need to do.
Just delete the rules iteratively, one at a time,
creating the delete commands from those used to add each rule.
I hope that helps.
Jim
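The iterative approach Jim describes, worked through as an added example (this is not code from the thread or from the netfilter project). It reads the rule set back from iptables itself, turns every rule that jumps to the chain into the matching -D command, and only then flushes and deletes the chain. Assumptions: the listing format of `iptables -t TABLE -S` (one `-A CHAIN ...` line per rule, the same syntax iptables-save prints; `-S` did not exist in 2004, when one would have parsed iptables-save instead), chain names without regex metacharacters, and the function names, the `APPLY` environment variable and the sample dump, which are all mine and constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original thread: remove every reference
# to a user-defined chain, then the chain itself, by turning the rules that
# iptables reports back into -D commands.
# Assumes the "iptables -t TABLE -S" listing format (one "-A CHAIN ..." line
# per rule, same syntax as iptables-save) and chain names that contain no
# regex metacharacters.

# Constructed sample of an "iptables -t filter -S" dump (not a real capture).
# Four rules jump to x1 (two of them identical), one jumps to the
# similarly named chain x10, and x1 itself holds one rule.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N x1
-N x10
-A INPUT -p tcp -m tcp --dport 22 -j x1
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j x1
-A FORWARD -i eth0 -j x1
-A FORWARD -i eth0 -j x1
-A OUTPUT -o lo -j x10
-A x1 -j DROP'

# references_to CHAIN RULES
# Print the "-A ..." lines from other chains whose target is exactly CHAIN.
# "( |$)" keeps "-j x1" from also matching "-j x10"; the second grep drops
# the rules that live inside CHAIN itself (those disappear with -F).
references_to() {
    _chain=$1
    printf '%s\n' "$2" \
        | grep -E "^-A [^ ]+ (.* )?-j ${_chain}( |$)" \
        | grep -vE "^-A ${_chain} " \
        || true
}

# delete_commands CHAIN TABLE RULES
# Emit the commands in the order that works: one -D per reference (each -D
# mirrors the -A that created the rule, so duplicates get one -D each),
# then -F to empty the chain, then -X, which only succeeds once nothing
# references the chain any more.
delete_commands() {
    _chain=$1
    _table=$2
    references_to "$_chain" "$3" | sed "s/^-A /iptables -t ${_table} -D /"
    printf 'iptables -t %s -F %s\n' "$_table" "$_chain"
    printf 'iptables -t %s -X %s\n' "$_table" "$_chain"
}

# remove_chain CHAIN [TABLE]
# Read the live rule set (needs root) and either print the commands (the
# default, a dry run) or execute them when APPLY=1 is set in the environment.
remove_chain() {
    _chain=$1
    _table=${2:-filter}
    _rules=$(iptables -t "$_table" -S) || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        delete_commands "$_chain" "$_table" "$_rules" | sh -e
    else
        delete_commands "$_chain" "$_table" "$_rules"
    fi
}

# Demonstration on the constructed dump: prints the six commands for x1.
demo() {
    delete_commands x1 filter "$SAMPLE_RULES"
}

demo
```

Two points worth noting. First, regenerating the -D commands from what iptables lists, rather than from the commands the frontend stored in MySQL, sidesteps the canonicalisation iptables applies (hostnames resolved to addresses, implicit `-m tcp` inserted, and so on): the listed form is exactly what -D has to match. Second, since -D removes only the first rule matching the given specification, two identical rules in FORWARD need two -D commands, which is what iterating over the listing produces; -X then succeeds because no rule in the table references the chain, and because user-defined chains belong to a single table, the nat and mangle tables need no attention for a chain defined in filter.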