Good day all,
I was wondering if anyone is out there who's managed to delete more than 1 line in iptables. The man page says and I quote
-D, --delete chain rulenum
Delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or a rule to match.
So I've been trying a few iterations, trying to delete, say, lines 1 2 3 4 just as an example.

iptables -vnL INPUT --line-numbers (works and it shows me the line numbers I want to delete)

then I try:

iptables -D INPUT 1-4

or

iptables -D INPUT 1,2,3,4

I know I can do iptables -D INPUT 1 and this works, but my goal is to not have to do that 4 times :-)

The command doesn't work, the man page seems limited with this command, and my searches have turned up nothing as far as deleting multiple lines in a single command. Short of writing a bash script, does anyone have any knowledge on leveraging this type of command with the syntax I've shown here? Perhaps just a small limitation of iptables :-D ?

Thanks.
O
Delete more than 1 line in iptables.
Re: Delete more than 1 line in iptables.
Old thread, but it comes up on searches a lot so here goes:

rhino@bofh ~ $ echo $SHELL
/bin/bash

rhino@bofh ~ $ for i in {24..37};do echo $i;done;
24
25
26
27
28
29
30
31
32
33
34
35
36
37

Change the echo as appropriate once you're sure.

If you do it too often, try a crude bash function similar to this:

in ~/.bashrc put this:

iptables_delete ()
{
    if [[ $3 == "" ]]; then
        echo "Usage: iptables_delete {CHAIN} {starting rule number} {ending rule number}";
        return; # don't use exit here - it will exit the controlling shell
    fi;
    for (( i=$2; i<=$3; i++ ))
    do
        /sbin/iptables -D $1 $i;
    done
}

Then:

source ~/.bashrc

You can check it loaded with:

typeset -f | grep -A7 iptables_delete

Then you have a command to do it (it should also tab-complete the main command):

rhino@bofh ~ $ iptables_delete
Usage: iptables_delete {CHAIN} {starting rule number} {ending rule number}
rhino@bofh ~ $ iptables_delete INPUT 24 35
...

Or if it's because you wrote some dodgy script to emulate fail2ban in a mad hurry like I did and were then stuck with a lot of rules to delete - learn to use fail2ban
Re: Delete more than 1 line in iptables.
I know this is a very old post, but it's one of the top results on Google, so I still left a comment here.

The answer in the second post is nice, but it has one fatal mistake. All iptables rules must be deleted in descending order!
When a rule is deleted, all rule numbers are shifted immediately.
So if you want to remove the first 3 rules, you should do the following:

iptables -t nat -D POSTROUTING 1
iptables -t nat -D POSTROUTING 1
iptables -t nat -D POSTROUTING 1

OR the following

iptables -t nat -D POSTROUTING 3
iptables -t nat -D POSTROUTING 2
iptables -t nat -D POSTROUTING 1

But never in ascending order.

And you are strongly advised to use iptables-save to back up your rules first.

Here is the revised version of iptables_delete (note the subtle change in the for loop).

iptables_delete ()
{
    if [[ $3 == "" ]]; then
        echo "Usage: iptables_delete {CHAIN} {starting rule number} {ending rule number}";
        return; # don't use exit here - it will exit the controlling shell
    fi;
    for (( i=$3; i>=$2; i-- ))
    do
        /sbin/iptables -D $1 $i;
    done
}
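The renumbering problem that the second post's loop runs into and the third post's descending loop avoids, worked through as an added shell example (this is not code from the thread or from any poster; the five-rule chain, the rule numbers 24..26 and the defaults of /sbin/iptables and a dry run are assumptions). The first half models a chain as a list of rule names so the effect of each deletion can be seen without touching a real firewall; the second half is a range-deleting function that validates its arguments, always walks the range from the highest number down, and only prints the commands until DRY_RUN=0 is set:

```shell
#!/bin/sh
# Added example, not from the thread. It (1) models a chain as a list of rule
# names to show why deleting by number in ascending order removes the wrong
# rules, and (2) provides iptables_delete_range, which deletes a contiguous
# range in descending order and prints the commands instead of running them
# unless DRY_RUN=0. The chain contents and rule numbers below are constructed.

# Remove rule number $2 from the space-separated chain model in $1 and print
# the remaining rules; as in the kernel, the survivors are renumbered at once.
chain_delete() {
    out=""
    i=1
    for r in $1; do
        if [ "$i" -ne "$2" ]; then
            out="$out $r"
        fi
        i=$((i + 1))
    done
    printf '%s\n' "${out# }"
}

# Delete rule numbers $2..$3 from the chain model in $1, in the order given by
# $4 ("asc" or "desc"), and print what is left.
delete_range_model() {
    chain=$1
    if [ "$4" = desc ]; then
        n=$3
        while [ "$n" -ge "$2" ]; do
            chain=$(chain_delete "$chain" "$n")
            n=$((n - 1))
        done
    else
        n=$2
        while [ "$n" -le "$3" ]; do
            chain=$(chain_delete "$chain" "$n")
            n=$((n + 1))
        done
    fi
    printf '%s\n' "$chain"
}

# Path to the real binary (assumed) and the dry-run switch (default: print only).
IPTABLES=${IPTABLES:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}

run_iptables() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# True if $1 is a rule number (a positive integer; numbering starts at 1).
is_rulenum() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ]
}

# usage: iptables_delete_range CHAIN FIRST LAST [TABLE]
# Deletes rules FIRST..LAST of CHAIN, highest number first, so that no deletion
# can renumber a rule that is still to be deleted. Stops at the first failure.
iptables_delete_range() {
    chain=$1 first=$2 last=$3 table=${4:-filter}
    if [ -z "$chain" ] || ! is_rulenum "$first" || ! is_rulenum "$last" \
        || [ "$last" -lt "$first" ]; then
        echo "usage: iptables_delete_range CHAIN FIRST LAST [TABLE]" >&2
        return 2
    fi
    n=$last
    while [ "$n" -ge "$first" ]; do
        run_iptables -t "$table" -D "$chain" "$n" || return 1
        n=$((n - 1))
    done
}

# Demo on a constructed five-rule chain, then a dry run of the real command.
echo "ascending:  $(delete_range_model 'r1 r2 r3 r4 r5' 1 3 asc)"   # r2 r4
echo "descending: $(delete_range_model 'r1 r2 r3 r4 r5' 1 3 desc)"  # r4 r5
iptables_delete_range INPUT 24 26
```

Deleting rules 1..3 in ascending order leaves r2 and r4 behind, because after the first deletion "rule 2" is already the old rule 3; the descending loop leaves r4 and r5, which is what was meant. Run the dry-run output past `iptables -vnL CHAIN --line-numbers` (and keep an `iptables-save` copy, as the last post advises) before setting DRY_RUN=0.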