> On 08-Mar-2021, at 8:54 PM, <kfm@xxxxxxxxxxxxx> wrote:
>
>> On 08/03/2021 13:14, Amish wrote:
>> Hello,
>> I have a few programs that currently use iptables to add / delete firewall rules.
>> I have been waiting to migrate to nftables for 3-4 years. (I do not want to use nft-based iptables)
>> But the roadblock for me is the inability of nftables to delete a matching rule. (similar to iptables -D INPUT -s 192.168.1.10 -j ACCEPT)
>> Obtaining the handle first and then deleting is difficult programmatically.
>> Have I missed any easy way out here?
>
> Assuming that "-D INPUT -s 192.168.1.10 -j ACCEPT" is indicative of the rules that are being added and removed, the easy way would be to manipulate a set rather than a chain. That also goes for iptables, given the existence of ipset.

No, I have many complex rules. The above was just an example.

When rules are complex, parsing the nft output programmatically to find the handle of the rule is not easy.

Regards,
Amish
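One way to make the "find the handle, then delete" step tractable for arbitrarily complex rules is to avoid parsing the text listing at all and instead read the ruleset as JSON (`nft -j list ruleset`), compare each rule's expression list against the expression list of the rule you want gone, and issue `nft delete rule <family> <table> <chain> handle <N>` for every match. The script below is an added example written for this thread; it is not code from the thread or from the netfilter project. It assumes Python 3.8+ and an `nft` binary built with JSON support; the embedded ruleset is a constructed sample in the shape of libnftables JSON output, standing in for the real `nft -j list ruleset` call that is shown commented out in `main`.

```python
import json
import shlex
import subprocess

# Constructed sample in the shape of `nft -j list ruleset` output (libnftables
# JSON). Rule handle 4 mirrors the thread's iptables example
# "-s 192.168.1.10 -j ACCEPT" on the input chain; handle 5 is an unrelated rule.
SAMPLE_RULESET = json.dumps({
    "nftables": [
        {"metainfo": {"version": "0.9.8", "release_name": "E.D.S.",
                      "json_schema_version": 1}},
        {"table": {"family": "inet", "name": "filter", "handle": 1}},
        {"chain": {"family": "inet", "table": "filter", "name": "input",
                   "handle": 1, "type": "filter", "hook": "input",
                   "prio": 0, "policy": "drop"}},
        {"rule": {"family": "inet", "table": "filter", "chain": "input",
                  "handle": 4,
                  "expr": [
                      {"match": {"op": "==",
                                 "left": {"payload": {"protocol": "ip",
                                                      "field": "saddr"}},
                                 "right": "192.168.1.10"}},
                      {"accept": None}]}},
        {"rule": {"family": "inet", "table": "filter", "chain": "input",
                  "handle": 5,
                  "expr": [
                      {"match": {"op": "==",
                                 "left": {"payload": {"protocol": "tcp",
                                                      "field": "dport"}},
                                 "right": 22}},
                      {"accept": None}]}},
    ]
})


def canonical(obj):
    """Stable string form of an expression list so two rules compare equal
    regardless of key order in the JSON."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def find_rule_handles(ruleset_json, family, table, chain, expr):
    """Return the handles of every rule in family/table/chain whose expression
    list equals `expr`, the nft JSON expression list of the rule to remove
    (keep the JSON you submitted when adding the rule and pass it back here)."""
    wanted = canonical(expr)
    handles = []
    for item in json.loads(ruleset_json)["nftables"]:
        rule = item.get("rule")
        if rule is None:
            continue  # metainfo, table, chain, set ... entries are skipped
        if (rule["family"], rule["table"], rule["chain"]) != (family, table, chain):
            continue
        if canonical(rule["expr"]) == wanted:
            handles.append(rule["handle"])
    return handles


def delete_commands(ruleset_json, family, table, chain, expr):
    """Build one `nft delete rule ... handle N` command per matching rule,
    as argv lists so subprocess.run() needs no shell quoting."""
    return [
        ["nft", "delete", "rule", family, table, chain, "handle", str(h)]
        for h in find_rule_handles(ruleset_json, family, table, chain, expr)
    ]


def live_ruleset():
    """Read the running ruleset as JSON (requires root and an nft with JSON support)."""
    return subprocess.run(["nft", "-j", "list", "ruleset"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Replace SAMPLE_RULESET with live_ruleset() to operate on the real firewall.
    accept_from_host = [
        {"match": {"op": "==",
                   "left": {"payload": {"protocol": "ip", "field": "saddr"}},
                   "right": "192.168.1.10"}},
        {"accept": None},
    ]
    for cmd in delete_commands(SAMPLE_RULESET, "inet", "filter", "input",
                               accept_from_host):
        print(shlex.join(cmd))  # nft delete rule inet filter input handle 4
```

The match is exact on the expression list, so the program that added a rule should keep the same JSON it submitted and hand it back when deleting; that sidesteps re-deriving the rule from the text listing, which is where complex rules become painful. If JSON output is not available, `nft -a list chain <family> <table> <chain>` prints each rule with a trailing `# handle N` comment, but matching the text form is more fragile than comparing the JSON structures.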