how to remove rules

how to remove rules

[Askar]

hi 
I have trying to remove the extra rules from my routing tables,
however with no luck
Also I want to know these duplicate entries have an effect on packets
going routed?
I have this overwhelming rules lists from my predessor who added the
"ip rule add fwmark" entries in firewall script, and on each run of
firewall script its creates an extra entry in routing table.
Now I want to get rid of  an extras "from all fwmark 0x2 lookup
squid.out" leaving only one that what's I needs.


here is the output of "ip rule ls"

0:      from all lookup local
32742:  from all fwmark 0x2 lookup squid.out
32743:  from all fwmark 0x2 lookup squid.out
32744:  from all fwmark 0x2 lookup squid.out
32745:  from all fwmark 0x2 lookup squid.out
32746:  from all fwmark 0x2 lookup squid.out
32747:  from all fwmark 0x2 lookup squid.out
32748:  from all fwmark 0x2 lookup squid.out
32749:  from all fwmark 0x2 lookup squid.out
32750:  from all fwmark 0x2 lookup squid.out
32751:  from all fwmark 0x2 lookup squid.out
32752:  from all fwmark 0x2 lookup squid.out
32753:  from all fwmark 0x2 lookup squid.out
32754:  from all fwmark 0x2 lookup squid.out
32755:  from all fwmark 0x2 lookup squid.out
32756:  from all fwmark 0x2 lookup squid.out
32757:  from all fwmark 0x2 lookup squid.out
32758:  from all fwmark 0x2 lookup squid.out
32759:  from all fwmark 0x2 lookup squid.out
32760:  from all fwmark 0x2 lookup squid.out
32761:  from all fwmark 0x2 lookup squid.out
32762:  from all fwmark 0x2 lookup squid.out
32763:  from all fwmark 0x2 lookup squid.out
32764:  from all fwmark 0x2 lookup squid.out
32765:  from all fwmark 0x2 lookup squid.out
32766:  from all lookup main
32767:  from all lookup 253

regards

-- 
(after bouncing head on desk for days trying to get mine working, I'll make
your life a little easier)

Re: how to remove rules

[Jason Opperisano]

On Tue, 2004-11-23 at 04:29, Askar wrote:
> hi 
> I have trying to remove the extra rules from my routing tables,
> however with no luck
> Also I want to know these duplicate entries have an effect on packets
> going routed?
> I have this overwhelming rules lists from my predessor who added the
> "ip rule add fwmark" entries in firewall script, and on each run of
> firewall script its creates an extra entry in routing table.
> Now I want to get rid of  an extras "from all fwmark 0x2 lookup
> squid.out" leaving only one that what's I needs.
> 
> 
> here is the output of "ip rule ls"

the proper place for your question would be the lartc mailing list: 
http://lartc.org/#mailinglist

-j
 
--
"I'll leave the world the same way I came into it - dirty, screaming
 and torn away from the woman I love."
	--The Simpsons

Re: how to remove rules

[Askar]

On Tue, 23 Nov 2004 04:39:36 -0500, Jason Opperisano <opie@817west.com> wrote:
> On Tue, 2004-11-23 at 04:29, Askar wrote:
> 
> 
> > hi
> > I have trying to remove the extra rules from my routing tables,
> > however with no luck
> > Also I want to know these duplicate entries have an effect on packets
> > going routed?
> > I have this overwhelming rules lists from my predessor who added the
> > "ip rule add fwmark" entries in firewall script, and on each run of
> > firewall script its creates an extra entry in routing table.
> > Now I want to get rid of  an extras "from all fwmark 0x2 lookup
> > squid.out" leaving only one that what's I needs.
> >
> >
> > here is the output of "ip rule ls"
> 
> the proper place for your question would be the lartc mailing list:
> http://lartc.org/#mailinglist
Sure, however reason behind posting in netfilter list coz may be i'm
only subscribe to this nice list :) and secondly coz it has iptables
touch.

iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80  -j MARK --set-mark 2

regards


> -j
> 
> --
> "I'll leave the world the same way I came into it - dirty, screaming
>  and torn away from the woman I love."
>         --The Simpsons
> 
> 


-- 
(after bouncing head on desk for days trying to get mine working, I'll make
your life a little easier)

Re: how to remove rules

[Nick Taylor]

On Tue, 23 Nov 2004, Askar wrote:

> Date: Tue, 23 Nov 2004 14:29:35 +0500
> From: Askar <askarali@gmail.com>
> To: netfilter <netfilter@lists.netfilter.org>
> Subject: how to remove rules
>
> hi
> I have trying to remove the extra rules from my routing tables,
> however with no luck
> Also I want to know these duplicate entries have an effect on packets
> going routed?
> I have this overwhelming rules lists from my predessor who added the
> "ip rule add fwmark" entries in firewall script, and on each run of
> firewall script its creates an extra entry in routing table.
> Now I want to get rid of  an extras "from all fwmark 0x2 lookup
> squid.out" leaving only one that what's I needs.
>
>
> here is the output of "ip rule ls"
>
> 0:      from all lookup local
> 32742:  from all fwmark 0x2 lookup squid.out
> ...........
> 32764:  from all fwmark 0x2 lookup squid.out
> 32765:  from all fwmark 0x2 lookup squid.out
> 32766:  from all lookup main
> 32767:  from all lookup 253
>
>
Well, I had this same problem, and I didn't find an official solution, so
the following shell script does what I need.  It's exactly the opposite of
elegant, but at least it's not nonfunctional.

#!/bin/sh

FWMARKS=`ip rule list | grep fwmark | wc -l`

if [ $FWMARKS != "0" ]; then
  echo $FWMARKS fwmarks exist, flushing...
  ip rule list | grep fwmark | cut -d " " -f 6 | \
    xargs --max-args=1 ip rule del fwmark
else
  echo $FWMARKS fwmarks exist, la dee da...
fi