On Tue, Jan 04, 2005 at 09:33:46AM +0200, Shachar Shemesh wrote:
> Shaul Karl wrote:
>
> > No need to search for the exact rule number in order to remove a rule.
> > One can remove a rule by its definition:
> >
> > iptables -A "the winner"
> > iptables -R "the winner"
> >
> > should work too.
> > I still must be missing something.
> >
> My turn to miss something, I think. Can you give a specific example? I
> found no trace of that syntax in the logs, nor did the command line
> work.

Follows a slightly modified quote to show what I meant. Not sure if
this is what you need.

We can delete a rule in one of two ways. Firstly, if we know that it is
the only rule in the input chain, we can use a numbered delete, as in:

    # iptables -D INPUT 1
    #

To delete rule number 1 in the INPUT chain.

The second way is to mirror the -A command, but replacing the -A with -D.
This is useful when you have a complex chain of rules and you don't want
to have to count them to figure out that it's rule 37 that you want to
get rid of. In this case, we would use:

    # iptables -D INPUT -s 127.0.0.1 -p icmp -j DROP
    #

The syntax of -D must have exactly the same options as the -A (or -I or
-R) command. If there are multiple identical rules in the same chain,
only the first will be deleted.
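
Added example, not part of the original thread: because -D by specification removes only the first identical rule, the helper below repeats the delete until no copy remains, and a second helper mirrors an `-A` line into its `-D` form. It assumes an iptables new enough to support `-C` (check); the function names and the `IPTABLES` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: delete rules by specification, including duplicates.
# IPTABLES is an assumed override hook so a wrapper or stub can be used.
IPTABLES="${IPTABLES:-iptables}"

# Turn one "-A CHAIN spec..." line (the form printed by `iptables -S`)
# into the mirrored "-D CHAIN spec..." argument string.
mirror_append_as_delete() {
    case "$1" in
        "-A "*) printf '%s\n' "-D ${1#-A }" ;;
        *) echo "not an append rule: $1" >&2; return 1 ;;
    esac
}

# Delete every identical copy of a rule from a chain.
# -D removes only the first match, so loop while -C still finds the rule.
# Prints the number of copies removed.
delete_all_copies() {
    chain="$1"; shift
    removed=0
    while $IPTABLES -C "$chain" "$@" 2>/dev/null; do
        $IPTABLES -D "$chain" "$@" || return 1
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Usage (as root), with the rule from the message above:
#   delete_all_copies INPUT -s 127.0.0.1 -p icmp -j DROP
```
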