Re: iptables and wireless card in promiscuous mode

On Wed, 2004-12-01 at 07:12, Claudio Lavecchia wrote:
> Well,
> 
> In fact I really wanted my WLAN card set in promiscuous mode to drop 
> all the packets coming from the other laptop, this means that I wanted a 
> filter BEFORE the promiscuous mode filter.

if that makes sense to you, or anyone else on this list--more power to
you.

> And by the way: how do I cancel a rule from the PREROUTING chain?
> If I do the standard way, I get:
> 
> ~ # iptables -D PREROUTING 1
> iptables: No chain/target/match by that name

first--you need to specify a chain (here you also need to specify a
table, as filter has no PREROUTING chain).  second--you need to specify
the whole rule.

a rule added with the command:

  iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 80 \
    -j DNAT --to-destination $WEB_SRV

must be deleted with the command:

  iptables -t nat -D PREROUTING -i $EXT_IF -p tcp --dport 80 \
    -j DNAT --to-destination $WEB_SRV

the other option would be to flush that chain and just add back the
rules you want to keep (if any), as is often done in scripts:

  iptables -t nat -F PREROUTING

  iptables -t nat -A PREROUTING ...

and lastly--you could:

  iptables-save > ipt.out
  vi ipt.out    # delete the rule(s) you don't want any more
  iptables-restore < ipt.out

-j

--
"I'm having the best day of my life, and I owe it all to not going
 to Church!"
	--The Simpsons
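
A scripted variant of the save, edit and restore route from the message above, as an added example that is not part of the original post. `drop_rule` and `sample_dump` are hypothetical helper names, and the dump (with its `eth0` and `192.0.2.10` values) is constructed so the script runs without touching a live ruleset.

```shell
#!/bin/sh
# drop_rule TABLE 'RULE LINE' < dump > new_dump
# Removes one rule line from iptables-save output, but only inside the
# named table, so an identical-looking line in another table survives.
# Exits non-zero unless exactly one rule was removed.
drop_rule() {
    TABLE="$1" RULE="$2" awk '
        /^\*/ { current = substr($0, 2) }   # "*nat" opens the nat section
        current == ENVIRON["TABLE"] && $0 == ENVIRON["RULE"] { removed++; next }
        { print }
        END { exit (removed == 1 ? 0 : 1) }
    '
}

# Constructed sample in iptables-save format (not taken from a real host).
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.0.2.10
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed dump: drop the port-80 DNAT rule from nat only.
web_rule='-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10'
sample_dump | drop_rule nat "$web_rule"

# On a live host (as root) the same steps would be:
#   iptables-save > ipt.out
#   drop_rule nat "$web_rule" < ipt.out > ipt.new
#   iptables-restore --test < ipt.new && iptables-restore < ipt.new
```

The rule line has to match the dump exactly as `iptables-save` prints it, which can differ from how the rule was typed (for example the added `-m tcp`).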


