Why don't you just use iptables-restore < `iptables-save | grep -v 'x1'`
after flushing the chain in question and removing it? I'm not sure if the
syntax above will work but it's the concept that I'm trying to convey.

-Scott

>On 2004.11.27 12:17, Alexis - alexis@xxxxxxxxxxx wrote:
>> Hi all, I'm coding a frontend for iptables based on php and mysql.
>>
>> But I have an issue when I try to delete a group of rules, it can't be done.
>>
>> suppose this
>>
>> a chain called "x1"
>>
>> delete the chain implies
>>
>> - empty the chain
>> - delete all rules that reference the chain
>
>For what it's worth, I would empty the chain
>after I deleted the references.
>
>>
>> the first line is easy to do with iptables -F x1 , but if (as an example)
>> in filter::INPUT I have 2 or more references to this chain, executing
>> iptables -D INPUT -j x1 will delete only the first one and not all rules
>> that reference x1.
>
>I believe that any rule can be deleted by specifying the exact parameters
>used to create it, that is changing the -A for instance to -D, leaving
>the rest of the command unchanged (for example -p tcp, or -d x.x.x.x, etc.).
>
>Surely each rule in a table has a unique pattern, or why would it be there?
>
>This does not, as you say, allow for deletion of a group of related commands,
>however, it should let you accomplish what you need to do.
>
>Just delete the rules iteratively, one at a time,
>creating the delete commands from those used to add each rule.
>
>I hope that helps.
>
>Jim
>
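
Added example, not part of the original thread: the save/filter/restore idea from the top reply, with the filter matching whole tokens so that removing x1 leaves a chain such as x10 untouched. The function names strip_chain and sample_ruleset and the ruleset itself are constructed for illustration.

```shell
#!/bin/sh
# strip_chain CHAIN: read iptables-save output on stdin and write it back
# without the chain's declaration, the chain's own rules, and every rule
# in any other chain that jumps (-j) or goes (-g) to it.
strip_chain() {
    awk -v chain="$1" '
        # Chain declaration line, e.g. ":x1 - [0:0]"
        $1 == (":" chain) { next }
        $1 == "-A" {
            # Rule that lives inside the chain being removed
            if ($2 == chain) next
            # Rule elsewhere whose target is exactly this chain
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) == chain) next
        }
        { print }
    '
}

# Constructed sample in iptables-save format: two references to x1 in INPUT,
# plus a similarly named chain x10 that must survive the filter.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:x1 - [0:0]
:x10 - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j x1
-A INPUT -s 192.0.2.0/24 -j x1
-A INPUT -p udp -j x10
-A FORWARD -j ACCEPT
-A x1 -j DROP
-A x10 -j RETURN
COMMIT
EOF
}

sample_ruleset | strip_chain x1
```

On a live host the same filter sits between the two tools, as in `iptables-save | strip_chain x1 | iptables-restore`; iptables-restore replaces each table present in the dump unless --noflush is given, and its --test option parses the input without committing it.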