* Possible bug for delete specific rule w/ RedHat 8.0, Kernel 2.4.18, Iptables 1.2.6a
@ 2002-10-14 11:05 Daniel Paul
2002-10-18 2:18 ` Joel Newkirk
0 siblings, 1 reply; 2+ messages in thread
From: Daniel Paul @ 2002-10-14 11:05 UTC (permalink / raw)
To: netfilter
[-- Attachment #1: Type: text/plain, Size: 618 bytes --]
Hello,
I have problems deleting a rule from any chain by specifying the rule
itself, for example:
iptables -A FORWARD -p tcp -s $NET_IN --sport 1024: -d 0/0 --dport smtp -j
ACCEPT
and then
iptables -D FORWARD -p tcp -s $NET_IN --sport 1024: -d 0/0 --dport smtp -j
ACCEPT
gives me a "Bad rule: Does matching rule exist in chain" error. Btw, the
variables used
here are of course defined.
When I use -v switch on both commands I can see that also the created rules
(smtp to 25 etc.)
are the same, so it is not a problem of parsing itself.
Any help would be very appreciated.
Daniel Paul
dpaul{NOSPAM}@gmx.net
[-- Attachment #2: Type: text/html, Size: 2910 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: Possible bug for delete specific rule w/ RedHat 8.0, Kernel 2.4.18, Iptables 1.2.6a
2002-10-14 11:05 Possible bug for delete specific rule w/ RedHat 8.0, Kernel 2.4.18, Iptables 1.2.6a Daniel Paul
@ 2002-10-18 2:18 ` Joel Newkirk
0 siblings, 0 replies; 2+ messages in thread
From: Joel Newkirk @ 2002-10-18 2:18 UTC (permalink / raw)
To: Daniel Paul, netfilter
On Monday 14 October 2002 07:05 am, Daniel Paul wrote:
> Hello,
>
> I have problems deleting a rule from any chain by specifying the rule
> itself, for example:
>
> iptables -A FORWARD -p tcp -s $NET_IN --sport 1024: -d 0/0 --dport smtp -j
> ACCEPT
>
> and then
>
> iptables -D FORWARD -p tcp -s $NET_IN --sport 1024: -d 0/0 --dport smtp -j
> ACCEPT
>
> gives me a "Bad rule: Does matching rule exist in chain" error. Btw, the
> variables used
> here are of course defined.
Are you doing all this in the same script? If you define NET_IN in a script,
use it to add the rule, then end the script and try to delete from another
script or command line then you would have a problem, since $NET_IN only
would be defined within the original script. If you redefine NET_IN in
another script to expand to the same thing, it should work, but if it is
something dymanic (MY_DYN_IP, IE) then the redefinition could quite easily
end up being different from the original rule. If you manually expand NET_IN
(or whatever symbols used) and use that in the deletion it should work.
Of course if this is all in the same script (which doesn't make much sense)
then this isn't applicable.
j
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2002-10-18 2:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-10-14 11:05 Possible bug for delete specific rule w/ RedHat 8.0, Kernel 2.4.18, Iptables 1.2.6a Daniel Paul
2002-10-18 2:18 ` Joel Newkirk
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox