clearing_iptables

This is an old revision of the document!


Clearing iptables custom commands prior to re-applying new ones

Assuming the user wants to use some custom iptables commands in e.g. script/firewall (this applies to any recurring script such as wan-up, etc.), you can remove the previously added iptables directives with a simple approach.

nvram get script_fire | grep -E '^iptables ' | sed 's/-A\|-I/-D/' | while read -r line; do ${line} >/dev/null 2>&1; done

The command above looks for every iptables -A (append) or -I (insert) used in the current Script/Firewall text area and re-runs the same command with -A or -I replaced by -D (delete), essentially removing any user-added iptables directive. Note that for advanced iptables commands a user might have created custom chains; this is usually achieved via “-N” (new). You can apply the same principle as above, looking for -N. Do remember that:

  • you need to remove the references to the custom chain from the built-in chains first (using the approach above)
  • the chain needs to be emptied with -F (flush) first, e.g. iptables -F $TABLE_NAME
  • only at this point will you be allowed to remove the chain with iptables -X $TABLE_NAME.
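
The whole procedure as a dry run, covering both the -A/-I rules and the -N chains. This is an added example, not part of the original wiki page; the function names gen_teardown and sample_script and the sample rules are made up for illustration. It prints the teardown commands instead of running them, so they can be reviewed first:

```shell
#!/bin/sh
# Added example: dry-run teardown generator for a firewall script.
# Function names and the sample rules are constructed for illustration.

# Read a firewall script on stdin and print the commands that undo it.
gen_teardown() {
    script=$(cat)
    # Pass 1: every -A/-I rule becomes -D. An insert position such as
    # "-I FORWARD 1 ..." is dropped first, because -D accepts a rule
    # number or a rule specification, not both.
    printf '%s\n' "$script" | sed -n -E \
        -e '/^iptables /!d' \
        -e 's/ -I ([^ ]+) [0-9]+ / -I \1 /' \
        -e 's/ -(A|I) / -D /p'
    # Pass 2: chains created with -N are flushed (-F), then deleted (-X).
    # All flushes come before any delete, so a chain that still jumps to
    # another custom chain is emptied before that chain is removed.
    for op in F X; do
        printf '%s\n' "$script" | sed -n -E \
            -e '/^iptables /!d' \
            -e "s/ -N / -$op /p"
    done
}

# Constructed sample of a Script/Firewall text area.
sample_script() {
    cat <<'EOF'
# guest bridge filtering
iptables -N GUESTFW
iptables -I FORWARD 1 -i br1 -j GUESTFW
iptables -A GUESTFW -p tcp --dport 443 -j ACCEPT
iptables -A GUESTFW -j DROP
iptables -t nat -A PREROUTING -i br1 -p udp --dport 53 -j REDIRECT --to-ports 53
echo done
EOF
}

# Print the teardown for the sample; nothing is executed against iptables.
sample_script | gen_teardown
```

On the router the input would come from nvram get script_fire | gen_teardown, and the reviewed output can then be piped to sh.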
clearing_iptables.1678278119.txt.gz · Last modified: 2023/03/08 12:21 by rs232