On Tue, 23 Nov 2004, Askar wrote:

> Date: Tue, 23 Nov 2004 14:29:35 +0500
> From: Askar <askarali@xxxxxxxxx>
> To: netfilter <netfilter@xxxxxxxxxxxxxxxxxxx>
> Subject: how to remove rules
>
> hi
> I have been trying to remove the extra rules from my routing tables,
> however with no luck.
> Also, I want to know: do these duplicate entries have an effect on
> packets being routed?
> I have this overwhelming rule list from my predecessor, who added the
> "ip rule add fwmark" entries in the firewall script, and on each run of
> the firewall script it creates an extra entry in the routing table.
> Now I want to get rid of the extra "from all fwmark 0x2 lookup
> squid.out" entries, leaving only the one that I need.
>
>
> here is the output of "ip rule ls"
>
> 0: from all lookup local
> 32742: from all fwmark 0x2 lookup squid.out
> ...........
> 32764: from all fwmark 0x2 lookup squid.out
> 32765: from all fwmark 0x2 lookup squid.out
> 32766: from all lookup main
> 32767: from all lookup 253
>

Well, I had this same problem, and I didn't find an official solution, so
the following shell script does what I need. It's exactly the opposite of
elegant, but at least it's not nonfunctional.

#!/bin/sh

# Count the fwmark rules currently in the routing policy database.
FWMARKS=$(ip rule list | grep -c fwmark)

if [ "$FWMARKS" -ne 0 ]; then
        echo "$FWMARKS fwmarks exist, flushing..."
        # Take the value that follows the word "fwmark" (a fixed column
        # number depends on the exact spacing of the output), then run
        # one "ip rule del" per listed rule.
        ip rule list | \
                awk '{ for (i = 1; i < NF; i++) if ($i == "fwmark") print $(i + 1) }' | \
                xargs --max-args=1 ip rule del fwmark
else
        echo "$FWMARKS fwmarks exist, la dee da..."
fi
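
One way to keep a single rule per mark and table instead of flushing them all, shown as an added example that is not part of the original thread: the functions below parse `ip rule list` output and print `ip rule del priority N` commands for the duplicates only. The function names and the sample listing are constructed for illustration, and the example assumes the installed `ip` accepts deleting a rule by its priority.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Normalise `ip rule list` output (stdin) to "PRIO MARK TABLE" lines,
# one per fwmark rule, whatever the column spacing of the listing.
fwmark_rules() {
    awk '{
        mark = ""; table = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") mark = $(i + 1)
            if ($i == "lookup") table = $(i + 1)
        }
        prio = $1; sub(/:$/, "", prio)      # "32764:" -> "32764"
        if (mark != "" && table != "") print prio, mark, table
    }'
}

# Print a delete command for every rule repeating an earlier MARK/TABLE pair;
# the first rule of each pair (lowest priority number) is kept.
dup_fwmark_rule_cmds() {
    fwmark_rules | awk 'seen[$2 " " $3]++ { print "ip rule del priority " $1 }'
}

# Succeed if a rule for MARK and TABLE is already listed on stdin, so a
# firewall script can skip `ip rule add` on repeated runs.
fwmark_rule_present() {   # usage: ip rule list | fwmark_rule_present MARK TABLE
    fwmark_rules | awk -v k="$1 $2" '($2 " " $3) == k { f = 1 } END { exit !f }'
}

# Constructed sample listing, modelled on the output quoted in the post.
SAMPLE='0: from all lookup local
32763: from all fwmark 0x2 lookup squid.out
32764: from all fwmark 0x2 lookup squid.out
32765: from all fwmark 0x2 lookup squid.out
32766: from all lookup main
32767: from all lookup 253'

# Dry run on the sample; on a live system, pipe `ip rule list` in instead
# and review the printed commands before executing them.
printf '%s\n' "$SAMPLE" | dup_fwmark_rule_cmds
```

In a firewall script, guarding the add with `ip rule list | fwmark_rule_present 0x2 squid.out || ip rule add fwmark 0x2 table squid.out` stops the list from growing on each run.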