user1814662

Reputation: 281

iptables moving rule in a list

i have 2 rules of iptables

iptables -A INPUT -s 5.5.5.5 -j DROP
iptables -A INPUT -s 6.5.5.5 -j ACCEPT 

is there a function or a command that will swap the rules to be like this:

iptables -A INPUT -s 6.5.5.5 -j ACCEPT 
iptables -A INPUT -s 5.5.5.5 -j DROP

Upvotes: 27

Views: 45655

Answers (7)

AkuLink1

Reputation: 123

Solution 1

If those rules are permanent and therefore located in the /etc/iptables/rules.v4 and /etc/iptables/rules.v6 files, then you can just edit both files and move the rules to fit the desired order, something like:

-A INPUT -s 6.5.5.5 -j ACCEPT 
-A INPUT -s 5.5.5.5 -j DROP

Restart iptables (service iptables restart)


Solution 2

What I would do if there were only a few rules, like in your case, would be to delete the first rule and recreate it:

iptables -nL --line-numbers

Get the number of the rule you want to reorder (in your example it would be 1), delete it and create it again; this will place the newly created rule last in the table:

iptables -D INPUT 1
iptables -A INPUT -s 5.5.5.5 -j DROP

Upvotes: 0

ms geek

Reputation: 81

We had an issue with the order of some rules, and the most efficient way I found to change this was with two tools:

  1. iptables-save
  2. iptables-restore

First dump the rules into a file:

sudo iptables-save > /root/iptrules.txt

Then edit the file with your favorite text editor:

sudo vim /root/iptrules.txt

Make the necessary movements and then restore the rules:

sudo iptables-restore < /root/iptrules.txt

Upvotes: 8

Datium

Reputation: 93

Let's assume your INPUT chain has only these two rules, so their ID numbers would be 1 and 2 respectively for -A INPUT -s 5.5.5.5 -j DROP and -A INPUT -s 6.5.5.5 -j ACCEPT.

Now, let's switch them:

iptables -R INPUT 2 -s 5.5.5.5 -j DROP
iptables -R INPUT 1 -s 6.5.5.5 -j ACCEPT

iptables -R is a command to replace a rule that already exists in iptables with another.

Its usage is: iptables -R [chain name] [line number] [new rule]

Upvotes: 0

arungiri_10

Reputation: 988

Instead of -A, use -D to delete and then add again:

iptables -D INPUT -s 5.5.5.5 -j DROP

iptables -D INPUT -s 6.5.5.5 -j ACCEPT

Now add with swapped values:

iptables -A INPUT -s 5.5.5.5 -j ACCEPT

iptables -A INPUT -s 6.5.5.5 -j DROP

Upvotes: 0

shgnInc

Reputation: 2196

There is a program named iptables-persistent which makes iptables rules persistent as an OS service. This service includes a configuration file in the iptables-save export format.

So you can reorder the lines in the configuration file and restart the service:

sudo service iptables-persistent restart

So easy!!!!!

Upvotes: 1
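Both the iptables-save/iptables-restore answer and the iptables-persistent answer above come down to the same thing: the saved ruleset is plain text, so the reordering can be scripted and inspected before anything is handed back to the kernel. The script below is an added example and is not code from any of the answers; the function names move_rule and swap_first_two, the sample dump and the file names in the comments are assumptions made for this illustration. It generalizes the two-rule swap to moving the N-th rule of a chain to position M (the same 1-based positions that iptables -L --line-numbers prints) and refuses out-of-range positions, so a mistyped number cannot silently drop a rule.

```shell
#!/bin/sh
# Added example (not from any answer on this page): reorder a rule inside one
# chain of an iptables-save dump as plain text, so the result can be reviewed
# and then handed to iptables-restore. The helper names and the sample dump
# are assumptions made for this example.

# move_rule CHAIN FROM TO
#   Reads an iptables-save dump on stdin and moves the FROM-th "-A CHAIN" rule
#   so that it becomes the TO-th rule of that chain (1-based, the same numbers
#   "iptables -L CHAIN --line-numbers" shows). All other lines (*table,
#   :policy, COMMIT, comments, rules of other chains) pass through unchanged.
#   Rules of the target chain are emitted as one block where the first of
#   them appeared; iptables-restore only cares about order within a chain.
move_rule() {
    awk -v chain="$1" -v from="$2" -v to="$3" '
        $1 == "-A" && $2 == chain {
            n++; rule[n] = $0
            if (n == 1) { lines[++k] = ""; pos = k }   # where the block goes
            next
        }
        { lines[++k] = $0 }
        END {
            if (n == 0 || from < 1 || from > n || to < 1 || to > n) {
                print "move_rule: position out of range (chain " chain " has " n " rules)" > "/dev/stderr"
                exit 1
            }
            # Remove rule[from], then re-insert it at position "to".
            m = 0
            for (i = 1; i <= n; i++) if (i != from) tmp[++m] = rule[i]
            m = 0
            for (i = 1; i <= n; i++) out[i] = (i == to) ? rule[from] : tmp[++m]
            for (i = 1; i <= k; i++) {
                if (i == pos) { for (j = 1; j <= n; j++) print out[j] }
                else print lines[i]
            }
        }'
}

# Constructed sample in iptables-save format (not captured from a real host).
# iptables-save writes host addresses with an explicit /32.
SAMPLE_DUMP='# Generated by this example
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 5.5.5.5/32 -j DROP
-A INPUT -s 6.5.5.5/32 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT'

# The question's case: rule 1 of INPUT (the DROP) moved behind rule 2.
swap_first_two() {
    printf '%s\n' "$SAMPLE_DUMP" | move_rule INPUT 1 2
}

# Same tool on a live host (needs root; shown here, not run):
#   iptables-save > /root/iptrules.txt
#   move_rule INPUT 1 2 < /root/iptrules.txt > /root/iptrules.new
#   iptables-restore --test < /root/iptrules.new && iptables-restore < /root/iptrules.new

# Run stand-alone: print the reordered dump.
swap_first_two
```

Run the edited file through iptables-restore --test first (it parses and builds the ruleset without committing it), and keep the untouched iptables-save output so you can restore it if the new order locks you out of a remote host; a plain iptables-restore replaces the whole ruleset, so an ACCEPT that ends up behind a broad DROP has immediate effect.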

d3vkit

Reputation: 1982

First check the line number:

iptables -nL --line-numbers

Delete based on line:

iptables -D INPUT {line}

Insert where you would like it to be:

iptables -I INPUT {line} -i lo -p tcp --dport {port} -j ACCEPT -m comment --comment "This rule is here for this reason"

Found at these sources:

Delete Rule

Insert Rule

Upvotes: 40

Mandar Shinde

Reputation: 1755

There is no such command to swap two iptables rules.

You can just delete and insert them into appropriate position.

Upvotes: 3
