On 08/03/2021 13:14, Amish wrote:
> Hello,
> I have a few programs that currently use iptables to add / delete firewall
> rules.
> I have been waiting to migrate to nftables for 3-4 years. (I do not
> want to use nft-based iptables.)
> But the roadblock for me is the inability of nftables to delete a matching rule
> (similar to iptables -D INPUT -s 192.168.1.10 -j ACCEPT).
> Obtaining the handle first and then deleting is difficult programmatically.
> Have I missed any easy way out here?
Assuming that "-D INPUT -s 192.168.1.10 -j ACCEPT" is indicative of the
rules that are being added and removed, the easy way would be to
manipulate a set rather than a chain. That also goes for iptables, given
the existence of ipset.
--
Kerin Millar
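The set-based approach suggested above, as an added example that is not part of the thread: the chain holds one static rule that matches against a set, and the program only adds or deletes set elements, which are keyed by the address itself, so no rule handle is ever looked up. The table name "inet filter", chain "input", set name "allowed_hosts" and the ipset of the same name are assumptions chosen for this example. Setting NFT=echo or IPSET=echo turns it into a dry run that prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the thread): manage an nftables set instead of
# adding and deleting individual rules, so no rule handle is ever needed.
# Assumed names: table "inet filter", chain "input", set "allowed_hosts".
# NFT=echo / IPSET=echo prints the commands instead of running them.
set -eu

NFT=${NFT:-nft}
IPSET=${IPSET:-ipset}
FAMILY=inet
TABLE=filter
SET=allowed_hosts

# Accept only a plain dotted-quad IPv4 address, so a caller-supplied string
# can never smuggle extra nft syntax (e.g. "}; flush ruleset") into the command.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for oct; do
        [ ${#oct} -le 3 ] && [ "$oct" -le 255 ] || return 1
    done
}

# Ruleset to load once (fw_ruleset | nft -f -). The rule referencing the set
# never changes afterwards; only the set contents do.
fw_ruleset() {
    cat <<EOF
table $FAMILY $TABLE {
    set $SET {
        type ipv4_addr
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ip saddr @$SET accept
    }
}
EOF
}

# Equivalent of "iptables -A INPUT -s <ip> -j ACCEPT".
fw_allow_add() {
    valid_ipv4 "$1" || { echo "fw_allow_add: bad address: $1" >&2; return 1; }
    $NFT add element $FAMILY $TABLE $SET "{ $1 }"
}

# Equivalent of "iptables -D INPUT -s <ip> -j ACCEPT", by value, no handle.
# "nft delete element" fails when the element is absent, so check first to
# keep the call idempotent.
fw_allow_del() {
    valid_ipv4 "$1" || { echo "fw_allow_del: bad address: $1" >&2; return 1; }
    if $NFT get element $FAMILY $TABLE $SET "{ $1 }" >/dev/null 2>&1; then
        $NFT delete element $FAMILY $TABLE $SET "{ $1 }"
    fi
}

# Same pattern on the iptables side with ipset ("ipset create allowed_hosts
# hash:ip" once, then one static rule:
#   iptables -A INPUT -m set --match-set allowed_hosts src -j ACCEPT).
# -exist makes add/del idempotent.
ipset_allow_add() {
    valid_ipv4 "$1" || { echo "ipset_allow_add: bad address: $1" >&2; return 1; }
    $IPSET -exist add $SET "$1"
}

ipset_allow_del() {
    valid_ipv4 "$1" || { echo "ipset_allow_del: bad address: $1" >&2; return 1; }
    $IPSET -exist del $SET "$1"
}

# Dry-run usage: NFT=echo . ./fwset.sh; fw_allow_add 192.168.1.10
```

Once the ruleset is loaded, a daemon only ever runs fw_allow_add / fw_allow_del; `nft list set inet filter allowed_hosts` shows the current contents. If entries should expire on their own, give the set `flags timeout` and add elements with a `timeout`, which is another thing a per-rule approach cannot express as easily.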