08-14-2011
iptables - most easy way to find rule and remove it?
I have a situation where I have rules in iptables with comments. Now... I can, for example, enter a rule like "iptables -A FORWARD -s xxx -j ACCEPT" and delete it with "iptables -D FORWARD -s xxx -j ACCEPT"... but if that rule contains some random comment (-m comment), then...? I can find it by scripting around --line-numbers and removing the line number, but there is a race if something is inserted with "-I" in the meantime.... Anyone care to suggest something?
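One way around the line-number race, as an added example (not from the original thread): take the rule's exact spec from `iptables -S CHAIN`, which prints every rule as an `-A` line including its `-m comment --comment "..."` part, turn the `-A` into `-D`, and feed that back to iptables. `iptables -D` with a full spec matches the rule by content, so it does not matter if other rules were inserted in between. The chain contents below are a constructed fixture standing in for real `iptables -S FORWARD` output; `delete_specs_for_comment` and `delete_rules_by_comment` are names chosen here.

```shell
#!/bin/sh
# Constructed sample of what `iptables -S FORWARD` prints on a real box.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -s 10.0.0.5/32 -m comment --comment "temp allow host5" -j ACCEPT
-A FORWARD -s 10.0.0.6/32 -m comment --comment "allow host6 permanently" -j ACCEPT
-A FORWARD -s 10.0.0.7/32 -j ACCEPT'

# Read `iptables -S CHAIN` lines on stdin; print a `-D CHAIN ...` spec for every
# commented rule whose line contains PATTERN (a fixed string, matched anywhere
# on the rule line). The spec is exactly what iptables printed, so `-D` will
# match it by content, not by position.
delete_specs_for_comment() {
  chain=$1
  pattern=$2
  grep -- '--comment' | grep -F -- "$pattern" |
    sed -n "s/^-A $chain /-D $chain /p"
}

# Operator entry point: delete every commented rule in CHAIN matching PATTERN.
# xargs splits the line on whitespace but keeps the double-quoted comment as one
# argument, so the comment text is passed back to iptables intact.
# Note: xargs chokes on an unmatched single quote inside a comment; avoid
# apostrophes in rule comments if you rely on this.
delete_rules_by_comment() {
  iptables -S "$1" | delete_specs_for_comment "$1" "$2" | xargs -L1 iptables
}

# Dry run against the fixture (no root, no iptables needed):
printf '%s\n' "$SAMPLE_RULES" | delete_specs_for_comment FORWARD "host5"
```

Because `-D` removes only the first rule matching the spec, run `delete_rules_by_comment` again (or loop until `delete_specs_for_comment` prints nothing) if the same commented rule was appended more than once.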
iptables-xml
IPTABLES-XML(1) iptables 1.4.21 IPTABLES-XML(1)
NAME
iptables-xml -- Convert iptables-save format to XML
SYNOPSIS
iptables-xml [-c] [-v]
DESCRIPTION
iptables-xml is used to convert the output of iptables-save into an easily manipulatable XML format to STDOUT. Use I/O-redirection provided by your shell to write to a file.
-c, --combine
combine consecutive rules with the same matches but different targets. iptables does not currently support more than one target per match, so this simulates that by collecting the targets from consecutive iptables rules into one action tag, but only when the rule matches are identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
-v, --verbose
Output xml comments containing the iptables line from which the XML is derived
iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic considerations are for -g and -j targets, in order to discriminate between <call>, <goto> and <name-of-target>, as it helps xml processing scripts if they can tell the difference between a target like SNAT and another chain.
Some sample output is:
<iptables-rules>
  <table name="mangle">
    <chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
      <rule>
        <conditions>
          <match>
            <p>tcp</p>
          </match>
          <tcp>
            <sport>8443</sport>
          </tcp>
        </conditions>
        <actions>
          <call>
            <check_ip/>
          </call>
          <ACCEPT/>
        </actions>
      </rule>
    </chain>
  </table>
</iptables-rules>
Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a custom program using libxsltproc or similar; in this fashion:
xsltproc iptables.xslt my-iptables.xml | iptables-restore
BUGS
None known as of iptables-1.3.7 release
AUTHOR
Sam Liddicott <azez@ufomechanic.net>
SEE ALSO
iptables-save(8), iptables-restore(8), iptables(8)