iptables moving rule in a list
I have 2 iptables rules:
iptables -A INPUT -s 5.5.5.5 -j DROP
iptables -A INPUT -s 6.5.5.5 -j ACCEPT
Is there a function or a command that will swap the rules so they look like this:
iptables -A INPUT -s 6.5.5.5 -j ACCEPT
iptables -A INPUT -s 5.5.5.5 -j DROP
Solution 1:[1]
First check the line number:
iptables -nL --line-numbers
Delete based on line:
iptables -D INPUT {line}
Insert where you would like it to be:
iptables -I INPUT {line} -i lo -p tcp --dport {port} -j ACCEPT -m comment --comment "This rule is here for this reason"
Found at these sources:
Solution 2:[2]
We had an issue with the order of some rules, and the most efficient way I found to change this was with two tools:
- iptables-save
- iptables-restore
First dump the rules into a file:
sudo iptables-save > /root/iptrules.txt
Then edit the file with your favorite text editor:
sudo vim /root/iptrules.txt
Make the necessary movements and then restore the rules:
sudo iptables-restore < /root/iptrules.txt
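An added example (not from any of the answers above) that automates the edit step of the iptables-save / iptables-restore approach: a shell function that swaps two rules of one chain inside a saved dump by their line-number positions, leaving every other table and chain untouched. The dump content, file names and the `swap_rules` / `write_sample_dump` helpers are constructed for this example; the applying step shown in the comments uses `iptables-restore --test` to parse the result before committing it.

```shell
# swap_rules: swap two rules of one chain inside an iptables-save dump.
# Pure text processing; the live ruleset changes only when the output is fed
# to iptables-restore, which replaces the whole table atomically.
# Usage: swap_rules <dump-file> <table> <chain> <pos_a> <pos_b>
# Positions match `iptables -t <table> -nL <chain> --line-numbers`,
# because iptables-save lists a chain's -A lines in rule order.
swap_rules() {
    awk -v table="$2" -v chain="$3" -v a="$4" -v b="$5" '
        { line[NR] = $0 }
        # Each table block starts with "*name"; a chain called INPUT exists
        # in several tables, so count only the rules of the wanted table.
        /^\*/ { cur = substr($0, 2); n = 0 }
        cur == table && $1 == "-A" && $2 == chain { n++; idx[n] = NR }
        END {
            if (!(a in idx) || !(b in idx)) {
                print "swap_rules: no rule at position " a " or " b > "/dev/stderr"
                exit 1
            }
            tmp = line[idx[a]]; line[idx[a]] = line[idx[b]]; line[idx[b]] = tmp
            for (i = 1; i <= NR; i++) print line[i]
        }' "$1"
}

# Constructed sample dump (not from a real host): the two rules from the
# question, plus a nat-table INPUT rule that must not be touched.
write_sample_dump() {
    cat > "$1" <<'EOF'
*nat
:INPUT ACCEPT [0:0]
-A INPUT -s 9.9.9.9/32 -j ACCEPT
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 5.5.5.5/32 -j DROP
-A INPUT -s 6.5.5.5/32 -j ACCEPT
COMMIT
EOF
}
# Demo on the sample. On a real host the same steps would be:
#   sudo iptables-save > /root/iptrules.txt
#   swap_rules /root/iptrules.txt filter INPUT 1 2 > /root/iptrules.new
#   sudo iptables-restore --test < /root/iptrules.new   # parse only, no commit
#   sudo iptables-restore < /root/iptrules.new
demo() {
    f=$(mktemp) || return 1
    write_sample_dump "$f"
    swap_rules "$f" filter INPUT 1 2
    rm -f "$f"
}
demo
```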
Solution 3:[3]
There is no such command to swap two iptables rules.
You can just delete and insert them into appropriate position.
Solution 4:[4]
There is a program named iptables-persistent which makes iptables rules persistent as an OS service. This service includes a configuration file in the same format as the iptables-save export.
So you can reorder the lines in the configuration file and restart the service.
sudo service iptables-persistent restart
So easy!!!!!
Solution 5:[5]
Instead of -A use -D to delete and then add again
iptables -D INPUT -s 5.5.5.5 -j DROP
iptables -D INPUT -s 6.5.5.5 -j ACCEPT
Now add them again in the swapped order
iptables -A INPUT -s 6.5.5.5 -j ACCEPT
iptables -A INPUT -s 5.5.5.5 -j DROP
Solution 6:[6]
Let's assume your INPUT chain has only these two rules, so their ID numbers would be 1 and 2 respectively for -A INPUT -s 5.5.5.5 -j DROP and -A INPUT -s 6.5.5.5 -j ACCEPT.
Now, let's switch them:
iptables -R INPUT 2 -s 5.5.5.5 -j DROP
iptables -R INPUT 1 -s 6.5.5.5 -j ACCEPT
iptables -R is a command to replace a rule that already exists in iptables with another.
Its usage is: iptables -R [chain name] [line number] [new rule]
Solution 7:[7]
Solution 1
If those rules are permanent and therefore located in the /etc/iptables/rules.v4 and /etc/iptables/rules.v6 files, then you can just edit both files and move the rules to fit the desired order, something like:
-A INPUT -s 6.5.5.5 -j ACCEPT
-A INPUT -s 5.5.5.5 -j DROP
Restart iptables (service iptables restart).
Solution 2
What I would do if there were only a few rules, like in your case, would be to delete the first rule and recreate it:
iptables -nL --line-numbers
Get the number of the rule you want to reorder (in your example it would be 1), delete it and create it again; this will place the newly created rule last in the table:
iptables -D INPUT 1
iptables -A INPUT -s 5.5.5.5 -j DROP
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source
---|---
Solution 1 | d3vkit
Solution 2 | ms geek
Solution 3 | Mandar Shinde
Solution 4 | shgnInc
Solution 5 | arungiri_10
Solution 6 | Datium
Solution 7 |