* move rule to a position
From: Mamadou Touré @ 2010-06-17 8:26 UTC (permalink / raw)
To: netfilter
Hi all, I'd like to move a rule to a position.
Ex: I have these rules:
1- iptables -A -p TCP --dport 80 -j ACCEPT
2- iptables -A -p TCP --dport 21 -j ACCEPT
3- iptables -A -p UDP --dport 53 -j ACCEPT
After executing these commands, is there a means to move the rule at
position 3 to position 1?
So that the rule at 1 could go to 2 and 2 to 3.
Has someone already done that? Please help.
Regards.
* Re: move rule to a position
From: Florian Schaal @ 2010-06-17 8:54 UTC (permalink / raw)
To: Mamadou Touré; +Cc: netfilter
On 17.06.2010 10:26, Mamadou Touré wrote:
> Hi all, I'd like to move a rule to a position.
> Ex: I have these rules:
> 1- iptables -A -p TCP --dport 80 -j ACCEPT
> 2- iptables -A -p TCP --dport 21 -j ACCEPT
> 3- iptables -A -p UDP --dport 53 -j ACCEPT
>
> After executing these commands, is there a means to move the rule at
> position 3 to position 1?
> So that the rule at 1 could go to 2 and 2 to 3.
>
> Has someone already done that? Please help.
IIRC you can't move rules, but insert/append and delete is possible.
greets
florian
* Re: move rule to a position
From: Jan Engelhardt @ 2010-06-17 9:11 UTC (permalink / raw)
To: Florian Schaal; +Cc: Mamadou Touré, netfilter
On Thursday 2010-06-17 10:54, Florian Schaal wrote:
>On 17.06.2010 10:26, Mamadou Touré wrote:
>> Hi all, I'd like to move a rule to a position.
>> Ex: I have these rules:
>> 1- iptables -A -p TCP --dport 80 -j ACCEPT
>> 2- iptables -A -p TCP --dport 21 -j ACCEPT
>> 3- iptables -A -p UDP --dport 53 -j ACCEPT
>>
>> After executing these commands, is there a means to move the rule at
>> position 3 to position 1?
>> So that the rule at 1 could go to 2 and 2 to 3.
>>
>> Has someone already done that? Please help.
>
>IIRC you can't move rules, but insert/append and delete is possible.
insert-append is not atomic when not using iptables-restore, though.
* Re: move rule to a position
From: Jan Engelhardt @ 2010-06-17 8:58 UTC (permalink / raw)
To: Mamadou Touré; +Cc: netfilter
On Thursday 2010-06-17 10:26, Mamadou Touré wrote:
>Hi all, I'd like to move a rule to a position.
>Ex: I have these rules:
>1- iptables -A -p TCP --dport 80 -j ACCEPT
>2- iptables -A -p TCP --dport 21 -j ACCEPT
>3- iptables -A -p UDP --dport 53 -j ACCEPT
>
>After executing these commands, is there a means to move the rule at
>position 3 to position 1?
Edit your ruleset and exchange the lines.
* Re: move rule to a position
From: Jeff Largent @ 2010-06-17 13:25 UTC (permalink / raw)
To: Mamadou Touré; +Cc: netfilter
On Thu, 2010-06-17 at 08:26 +0000, Mamadou Touré wrote:
> Hi all, I'd like to move a rule to a position.
> Ex: I have these rules:
> 1- iptables -A -p TCP --dport 80 -j ACCEPT
> 2- iptables -A -p TCP --dport 21 -j ACCEPT
> 3- iptables -A -p UDP --dport 53 -j ACCEPT
>
> After executing these commands, is there a means to move the rule at
> position 3 to position 1?
> So that the rule at 1 could go to 2 and 2 to 3.
>
> Has someone already done that? Please help.
> Regards.
iptables-save > fw.rules
vi fw.rules and put them in the order you want them.
iptables-restore < fw.rules
* Re: move rule to a position
From: Grant Taylor @ 2010-06-17 14:34 UTC (permalink / raw)
To: Mail List - Netfilter
On 06/17/10 03:26, Mamadou Touré wrote:
> Hi all, I'd like to move a rule to a position.
> Ex: I have these rules:
> 1- iptables -A -p TCP --dport 80 -j ACCEPT
> 2- iptables -A -p TCP --dport 21 -j ACCEPT
> 3- iptables -A -p UDP --dport 53 -j ACCEPT
>
> After executing these commands, is there a means to move the rule at
> position 3 to position 1?
> So that the rule at 1 could go to 2 and 2 to 3.
I think your best bet will be to insert a duplicate of rule 3 before the
current rule #1 and then delete what will become rule #4. I.e.:
iptables -I 1 -p UDP --dport 53 -j ACCEPT
iptables -D 4
Note: I'm used to specifying the chain (FORWARD,INPUT,OUTPUT), so I'm
not exactly sure how well those rules will work as typed. Y.M.M.V.
Grant. . . .
* Re: move rule to a position
From: /dev/rob0 @ 2010-06-17 14:46 UTC (permalink / raw)
To: Mail List - Netfilter
On Thu, Jun 17, 2010 at 09:34:36AM -0500, Grant Taylor wrote:
> On 06/17/10 03:26, Mamadou Touré wrote:
>> Hi all, I'd like to move a rule to a position.
>> Ex: I have these rules:
>> 1- iptables -A -p TCP --dport 80 -j ACCEPT
>> 2- iptables -A -p TCP --dport 21 -j ACCEPT
>> 3- iptables -A -p UDP --dport 53 -j ACCEPT
>>
>> After executing these commands, is there a means to move the rule at
>> position 3 to position 1?
>> So that the rule at 1 could go to 2 and 2 to 3.
>
> I think your best bet will be to insert a duplicate of rule 3
> before the current rule #1 and then delete what will become rule
> #4. I.e.:
>
> iptables -I 1 -p UDP --dport 53 -j ACCEPT
> iptables -D 4
>
> Note: I'm used to specifying the chain (FORWARD,INPUT,OUTPUT), so
> I'm not exactly sure how well those rules will work as typed.
> Y.M.M.V.
The chain is mandatory, but as others mentioned, best practice is to
use iptables-save(8)/iptables-restore(8).
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
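
The save, reorder, restore procedure recommended in this thread, scripted as an added example that is not part of any message above. The helper names move_rule and sample_rules, the INPUT chain and the file name fw.new are assumptions made for illustration; it expects iptables-save output without per-rule counters.

```shell
#!/bin/sh
# Added example: move one rule inside iptables-save text, so the whole table
# can be reloaded in a single iptables-restore commit instead of -I then -D.
# usage: move_rule TABLE CHAIN FROM TO < saved.rules > reordered.rules
move_rule() {
    awk -v table="$1" -v chain="$2" -v from="$3" -v to="$4" '
        { line[NR] = $0 }
        /^\*/ { cur = substr($0, 2) }          # "*filter" opens a table
        cur == table && $1 == "-A" && $2 == chain { slot[++n] = NR }
        END {
            from += 0; to += 0                 # force numeric comparison
            if (from < 1 || from > n || to < 1 || to > n) {
                printf "move_rule: %s/%s has %d rules\n", table, chain, n > "/dev/stderr"
                exit 1                         # emit nothing on a bad position
            }
            # Rules other than FROM keep their relative order.
            for (i = 1; i <= n; i++) if (i != from) rest[++k] = line[slot[i]]
            k = 0
            for (i = 1; i <= n; i++)
                out[i] = (i == to) ? line[slot[from]] : rest[++k]
            for (i = 1; i <= n; i++) line[slot[i]] = out[i]
            for (i = 1; i <= NR; i++) print line[i]
        }'
}

# Constructed sample: the three rules from the original post as iptables-save
# would print them, with the INPUT chain assumed (the post names no chain).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
COMMIT
EOF
}

sample_rules | move_rule filter INPUT 3 1      # rule 3 becomes rule 1

# On a live host (as root), parse-check first, then load in one commit:
#   iptables-save > fw.rules &&
#   move_rule filter INPUT 3 1 < fw.rules > fw.new &&
#   iptables-restore --test < fw.new && iptables-restore < fw.new
```
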