clearing_iptables

Differences

This shows you the differences between two versions of the page.

clearing_iptables [2023/03/08 12:22] rs232clearing_iptables [2023/05/08 04:49] (current) – added "previous" hogwild
Line 1: Line 1:
-===== Clearing iptables custom commands prior to re-applying new ones =====+===== Clearing iptables custom commands prior to applying new ones =====
  
-Assuming the user want so use some custom iptables commands in e.g. script/firewall (but this applies to any re-occurring script like wan-up/etcyou can remove what previously added iptables directive with a simple approach+Let's say, as an example, that you wanted to use some custom iptables commands in script, such as the firewall script. In fact, the following principles would apply to any recurring script (such as "WAN Up").
  
 + \\ You can remove previously-added iptables directives using a simple approach:
 +
 + \\
  
 ''nvram get script_fire | grep -E '^iptables*' | sed 's/-A\|-I/-D/' | while read line; do exec ${line} &>/dev/null; done'' ''nvram get script_fire | grep -E '^iptables*' | sed 's/-A\|-I/-D/' | while read line; do exec ${line} &>/dev/null; done''
  
-This command here below will check what iptables **-A** (append) or **-I** (insert) have been used in the current Script/Firewall text area and force a run of the same command replacing any **-A** or **-I** with a **-D** (Delete) essentially removing any user added iptables directiveTo be noted that for advanced iptables commands a user might have created custom tables, this is usually achieved via "**-N**" (new). You can apply the same principle as per above looking for **-N**. Do remember that+ \\ 
-  * you need to un-reference the custom table from the built in one first (as per approach above) + 
-  * table needs to be empties with **-F** (Flush) first e.g. **iptables -F $TABLE_NAME** +The commands below will check what iptables **-A** (append) or **-I** (insert) directives have been issued previously in the current Script/Firewall text. They will then force a run of the same commandreplacing any instance of **-A** or **-I** with a **-D** (Delete) command. In essence, this will reverse/remove any previous user-added iptables directives. 
-  * only at this point you will be allowed to remove the table with **iptables -X $TABLE_NAME**. + 
 +user might have created custom tables in which to use advanced iptables commands. This is usually performed using the "**-N**" (new) commandThe same principles described above will also apply to previously-issued directives which used the **-N command**. 
 + 
 + \\ Here are some rules to remember when using these commands: 
 + 
 +  * First, you need to dereference the custom table from the built-in one, using the above method. 
 +  * table must then be emptied with the **-F** (Flush) switch/parameter (for example, **iptables -F $TABLE_NAME **. 
 +  * Only at this point will you be allowed to remove the table with the command:  **iptables -X $TABLE_NAME** . 
 + 
 + \\ 
  
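Review bot: In the unchanged one-liner that this text documents, `exec ${line}` replaces the subshell running the `while read` loop, so the loop ends after the first matching line and only one rule is deleted. That contradicts the added sentence saying it "will reverse/remove any previous user-added iptables directives". Suggest dropping `exec` so each line runs as an ordinary command, for example `do ${line} >/dev/null 2>&1; done`. It is also worth noting that a rule inserted with a position (`-I CHAIN 1 ...`) does not become a valid matching delete when `-I` is simply swapped for `-D`. In the added paragraph, "The commands below" should be "The command above", since the one-liner precedes it. `-N`, `-F` and `-X` act on user-defined chains rather than tables, so "custom tables" and `$TABLE_NAME` would be clearer as "custom chains" and a chain variable. The `-F` bullet is missing its closing parenthesis and has a stray space before the closing `**`.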
clearing_iptables.1678278139.txt.gz · Last modified: 2023/03/08 12:22 by rs232