Re: how to delete a group of rules

On Sat, 2004-11-27 at 12:17, Alexis wrote:
> Hi all, I'm coding a frontend for iptables based on PHP and MySQL.
>  
> But I have an issue when I try to delete a group of rules: it can't be done. 
>  
> Suppose this:
>  
> a chain called "x1"
>  
> Deleting the chain implies:
>  
> - empty the chain
> - delete all rules that reference the chain
>  
> The first line is easy to do with iptables -F x1, but if (as an example)
> in filter::INPUT I have 2 or more references to this chain, executing
> iptables -D INPUT -j x1 will delete only the first one and not all rules
> that reference x1.
>  
> Does any way exist to do this from the command line using iptables, or is
> coding a script to do this the solution?

make it a part of your script.  an example in perl (which should be
straight-forward to port to PHP):

---BEGIN PERL SCRIPT EXAMPLE---
#!/usr/bin/perl

use strict;
use warnings;

my $iptablescmd = "/usr/local/sbin/iptables";
my $savecmd     = "/usr/local/sbin/iptables-save";
my $chain       = "mychain";
my @references;

# Read the live ruleset straight from iptables-save rather than through a
# fixed, predictable file in /var/tmp that another user could pre-create.
open (my $rules, '-|', $savecmd) or die "cannot run $savecmd: $!";

my $table = "filter";
while (<$rules>) {
  chomp;
  # iptables-save prints "*tablename" ahead of that table's rules
  if (/^\*(\w+)/) { $table = $1; next; }
  # keep only -A lines whose target is exactly $chain (so "mychain" does
  # not also match "mychain2"); iptables-save has no trailing space
  if (/^-A .* -j \Q$chain\E(?: |$)/) {
    s/^-A /-D /;
    push (@references, "-t $table $_");
  }
}

close ($rules);

# iptables-save already quotes its output for the shell, so handing the
# whole rule to system() as one string keeps --comment "..." style
# arguments intact.
foreach my $reference (@references) {
  print "Executing:  $iptablescmd $reference\n";
  system ("$iptablescmd $reference") == 0
    or warn "delete failed (exit $?): $reference\n";
}

print "Executing:  $iptablescmd -F $chain\n";
system ("$iptablescmd -F $chain");

print "Executing:  $iptablescmd -X $chain\n";
system ("$iptablescmd -X $chain");
--- END PERL SCRIPT EXAMPLE ---

-j

--
"Facts are meaningless. You could use facts to prove anything that's
 even remotely true!"
	--The Simpsons
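The same procedure as the reply above (collect every -A rule from iptables-save whose target is the chain, rewrite each to -D, then -F and -X the chain), written as an added POSIX shell example that is not part of the original thread. It goes slightly beyond the reply by tracking the `*table` headers so references in nat or mangle get the right `-t`, and by matching the target as a whole word so "x1" is not confused with "x10". The iptables-save text and the function name `gen_delete_cmds` are constructed for this example; nothing is executed against a live firewall, the function only prints the commands.

```shell
#!/bin/sh
# Added example: generate the iptables commands that remove a user chain
# and every rule jumping to it, from iptables-save output on stdin.

# Constructed iptables-save output (sample data, not from the original post).
SAMPLE_SAVE='# Generated by iptables-save
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j x1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:x1 - [0:0]
:x10 - [0:0]
-A INPUT -s 10.0.0.0/8 -j x1
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -j x1
-A INPUT -j x10
-A x1 -j DROP
-A x10 -j x1
COMMIT'

# gen_delete_cmds CHAIN   (reads iptables-save output on stdin)
# Prints one "iptables -t TABLE -D ..." per rule whose target is CHAIN,
# then "-F" and "-X" for each table that defines CHAIN. Order matters:
# references must go before the flush and the chain removal.
gen_delete_cmds() {
    chain=$1
    table=filter            # iptables-save names the table before its rules
    defined_in=""
    while IFS= read -r line; do
        case "$line" in
            \**)         table=${line#\*} ;;
            ":$chain "*) defined_in="$defined_in $table" ;;
            -A*)
                # pad with spaces so " -j x1 " cannot match "-j x10"
                case " $line " in
                    *" -j $chain "*)
                        printf 'iptables -t %s -D %s\n' "$table" "${line#-A }" ;;
                esac ;;
        esac
    done
    for t in $defined_in; do
        printf 'iptables -t %s -F %s\n' "$t" "$chain"
        printf 'iptables -t %s -X %s\n' "$t" "$chain"
    done
}

# Dry run against the constructed sample. On a real host you would feed
# "iptables-save | gen_delete_cmds x1" and, after reviewing, pipe into sh.
printf '%s\n' "$SAMPLE_SAVE" | gen_delete_cmds x1
```

Printing the commands first and applying them in a second step is deliberate: on a frontend that drives iptables from a web application, the generated list is what you log and show the operator before anything touches the ruleset.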


