

Clearing iptables custom commands prior to re-applying new ones

Let's say, for example, you wanted to use some custom iptables commands in a script, such as the firewall script. Actually, the following examples could apply to any recurring script (such as WAN Up).


You can remove previously added iptables directives with a simple approach:


nvram get script_fire | grep -E '^iptables' | sed 's/ -A / -D /; s/ -I / -D /' | while read -r line; do $line >/dev/null 2>&1; done


The command above checks which iptables -A (append) or -I (insert) commands have been used in the current Script/Firewall text area and runs each of them again with the -A or -I replaced by -D (delete). This essentially removes every user-added iptables directive. Note that a user might also have created custom tables in which to use advanced iptables commands; this is usually done with the -N (new) switch/parameter. The same principle can be applied to uses of the -N switch/parameter, with a few extra steps.


Remember that:

  • You first need to remove the rules in the built-in table that reference the custom one (using the approach above).
  • The table must then be emptied with the -F (flush) switch/parameter (for example, iptables -F $TABLE_NAME).
  • Only at this point will you be allowed to remove the table with the command iptables -X $TABLE_NAME.
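The full procedure (delete the -A/-I rules first, then flush and remove every table created with -N, which iptables itself calls a chain) as one busybox-compatible script. This is an added example, not code from the wiki; it assumes DD-WRT's nvram get script_fire returns the Script/Firewall text and that an iptables binary is present on the router. The SAMPLE_SCRIPT below is a constructed stand-in so the generated commands can be inspected off the router without touching any firewall.

```shell
#!/bin/sh
# Added example (not from the wiki): undo the iptables rules recorded in a
# DD-WRT Script/Firewall text, then flush and remove the chains it created.
# Assumes busybox sh on the router, `nvram get script_fire` for the script
# text and an `iptables` binary; off the router it only prints the commands.

# Constructed sample standing in for the output of `nvram get script_fire`.
SAMPLE_SCRIPT='iptables -N MYCHAIN
iptables -I INPUT -p tcp --dport 2222 -j MYCHAIN
iptables -A MYCHAIN -s 192.0.2.0/24 -j ACCEPT
iptables -A FORWARD -i br0 -o vlan2 -j ACCEPT
# comment lines and other commands are ignored
echo not-an-iptables-line'

# build_undo: read a firewall script on stdin and print the commands that undo
# it, in the order the page requires:
#   1. every -A/-I rule becomes a -D with the same match specification, so the
#      custom chains are no longer referenced from the built-in ones;
#   2. every chain created with -N is flushed (-F) and then removed (-X).
build_undo() {
    chains=""
    while IFS= read -r line; do
        set -- $line                 # split into words (no quoting/glob support)
        [ "$1" = "iptables" ] || continue
        case "$2" in
            -A|-I)
                [ $# -ge 3 ] || continue
                chain=$3
                shift 3              # drop "iptables -A/-I CHAIN"
                # "-I CHAIN 3" carries a rule number; drop it so the rule is
                # deleted by specification rather than by position.
                case "$1" in [0-9]*) shift ;; esac
                printf 'iptables -D %s%s\n' "$chain" "${1:+ $*}"
                ;;
            -N)
                if [ -n "$3" ]; then chains="$chains $3"; fi
                ;;
        esac
    done
    for c in $chains; do
        printf 'iptables -F %s\niptables -X %s\n' "$c" "$c"
    done
}

# Demo on the constructed sample: print the undo commands instead of running them.
printf '%s\n' "$SAMPLE_SCRIPT" | build_undo

# undo_firewall_script: on the router, read the real Script/Firewall text and
# run every generated command; failures (rules never applied) are silenced,
# as in the one-liner on the page.
undo_firewall_script() {
    nvram get script_fire | build_undo | while IFS= read -r cmd; do
        $cmd >/dev/null 2>&1 || true
    done
}

# Apply for real only when explicitly asked for, e.g. `sh undo.sh --apply`.
if [ "${1:-}" = "--apply" ]; then
    undo_firewall_script
fi
```

Two caveats apply equally to the page's one-liner and to this script: the lines are split on whitespace, so rules using quoted arguments (for example a --comment with spaces) are not reproduced correctly, and an -I rule given with an explicit rule number ("-I INPUT 3") would, if the number were kept, turn into "-D INPUT 3", which deletes whatever rule currently sits at position 3 rather than the rule you added; the script drops that number for this reason.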
clearing_iptables.1683516613.txt.gz · Last modified: 2023/05/08 04:30 by hogwild