Clearing iptables custom commands prior to applying new ones

Let's say, as an example, that you wanted to use some custom iptables commands in a script, such as the firewall script. In fact, the following principles would apply to any recurring script (such as WAN Up).


You can remove previously-added iptables directives using a simple approach:


# Re-run every iptables -A/-I line of the firewall script with -D (delete). Use eval, not exec: exec replaces the shell and would stop the loop after the first rule.
nvram get script_fire | grep '^iptables ' | sed -e 's/ -A / -D /' -e 's/ -I / -D /' | while read -r line; do eval "$line" >/dev/null 2>&1; done


The command above reads the current Script/Firewall text, picks out the iptables -A (append) and -I (insert) directives that were issued previously, and runs each of them again with the -A or -I switch replaced by -D (delete). This reverses any user-added iptables directives. One caveat: if a rule was inserted at an explicit position (for example iptables -I INPUT 3 ...), the rewritten command carries both a position and a rule specification, and -D expects one or the other; strip the position number so the rule is deleted by its specification. Note also that a user might have created custom chains for advanced iptables rules, usually with the -N (new chain) switch (strictly speaking -N creates a chain, not a table). The same approach applies to previous uses of -N, but a chain cannot be deleted while rules still reference it or while it still contains rules.


Here are some things to remember when considering these commands:

  • First, remove every rule in the built-in chains that references the custom chain (using the approach above); iptables refuses to delete a chain that is still referenced.
  • Then empty the chain with the -F (flush) switch (for example, iptables -F $TABLE_NAME ).
  • Only at this point can the chain be removed with the command: iptables -X $TABLE_NAME .
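As an added example (not code from this wiki page), the whole procedure in one POSIX shell function: it reads the firewall script text on stdin and prints the undo commands, deleting the -A/-I rules first (with any -I position number stripped) and then flushing and removing each -N chain. The function name undo_iptables and the sample script are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not the wiki's own code: derive the commands that undo the
# iptables lines of a firewall script. Reads the script on stdin and prints the
# undo commands on stdout, so the result can be reviewed before applying it:
#   nvram get script_fire | undo_iptables | sh
undo_iptables() {
    awk '
    # Lines that do not start with "iptables" are ignored.
    $1 != "iptables" { next }
    {
        out = ""; kind = ""; skipnum = 0
        for (i = 1; i <= NF; i++) {
            f = $i
            if (kind == "" && (f == "-A" || f == "-I" || f == "-N")) {
                kind = f
                if (f != "-N") f = "-D"
                # -I CHAIN [rulenum]: the number sits two fields after -I.
                if (kind == "-I") skipnum = i + 2
            }
            # "-D CHAIN 3" would delete whatever is at position 3 now, so drop
            # the rule number and delete by rule specification instead.
            if (i == skipnum && f ~ /^[0-9]+$/) continue
            out = out (out == "" ? "" : " ") f
        }
        if (kind == "-N") chains[++c] = out
        else if (kind != "") rules[++n] = out
    }
    END {
        # Undo in reverse order: first the rules (including any -j CHAIN
        # references), then flush and delete each custom chain.
        for (i = n; i >= 1; i--) print rules[i]
        for (i = c; i >= 1; i--) {
            line = chains[i]
            sub(/ -N /, " -F ", line); print line
            sub(/ -F /, " -X ", line); print line
        }
    }'
}

# Constructed sample firewall script (not a real configuration).
SAMPLE_SCRIPT='iptables -N MYCHAIN
iptables -A INPUT -p tcp --dport 22 -j MYCHAIN
iptables -I MYCHAIN 1 -s 192.0.2.5 -j DROP
iptables -t nat -I PREROUTING 2 -p tcp --dport 80 -j REDIRECT --to-ports 8080'

printf '%s\n' "$SAMPLE_SCRIPT" | undo_iptables
```

Because the -t table option is carried over from each original line, the generated -F and -X commands also target the right table.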
clearing_iptables.1683517059.txt.gz · Last modified: 2023/05/08 04:37 by hogwild