Clearing iptables custom commands prior to applying new ones

Let's say, as an example, that you wanted to use some custom iptables commands in a script, such as the firewall script. In fact, the following principles would apply to any recurring script (such as “WAN Up”).


You can remove previously-added iptables directives using a simple approach:


nvram get script_fire | grep -E '^iptables*' | sed 's/-A\|-I/-D/' | while read line; do exec ${line} &>/dev/null; done


The commands below will check what iptables -A (append) or -I (insert) directives have been issued previously in the current Script/Firewall text. They will then force a run of the same command, replacing any instance of -A or -I with a -D (Delete) command. In essence, this will reverse/remove any previous user-added iptables directives.

A user might have created custom tables in which to use advanced iptables commands. This is usually performed using the “-N” (new) command. The same principles described above will also apply to previously-issued directives which used the -N command.


Here are some rules to remember when using these commands: