iptables, how to delete the last rule?



Is there an easy way to delete the last rule in a chain?
(other than counting to get the rule number)

The rule is (from iptables -L):
REJECT     all  --  anywhere             anywhere
reject-with icmp-host-prohibited

I'm trying with:
 /sbin/iptables -D INPUT -p all -s 0/0 -d 0/0 -j REJECT --reject-with

but it gives me:
iptables: Bad rule (does a matching rule exist in that chain?)



Re: iptables, how to delete the last rule?


If the issue is just that you would like to know the rule numbers,
list with 'iptables -vL --line-numbers'.

But if it's really so that you need to remove whatever happens to
be the last rule at some given moment, then I don't have any help.

Your idea of describing the rule should work (does work with my
system) - but only if the chain has only one rule matching
the described rule.

In your case, it could be that the rule has some extra fields
which you didn't specify yet, and that's the reason for the
match failure. The '-v' flag with iptables should help to find
the "hidden" fields.
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
         PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

Re: iptables, how to delete the last rule?

Thanks, this is very useful. I can parse the
output of
"iptables -vL --line-numbers"
to get the number of the last rule, and then
delete it.
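The approach settled on in this thread, parsing `iptables -vL --line-numbers` for the last rule number of a chain and then deleting by number, worked through as an added example (not code from any of the posters). The listing below is constructed to match the column layout that `iptables -vL --line-numbers` prints, so the parser can be exercised without root or a live firewall; `delete_last_rule` is the only part that touches the real ruleset and is an assumption about the host (it needs root and the `iptables` binary).

```shell
#!/bin/sh
# Constructed sample of `iptables -vL --line-numbers` output (not captured
# from a real host). Each chain is introduced by a "Chain NAME (...)" line,
# followed by a header line and then one numbered line per rule.
SAMPLE_LISTING=$(cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12  1024 ACCEPT     all  --  lo     any     anywhere             anywhere
2       30  2400 ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
3        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
4        5   300 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
EOF
)

# last_rule_number CHAIN
# Reads an `iptables -vL --line-numbers` listing on stdin and prints the
# number of the last rule in CHAIN. Exits non-zero if the chain has no
# rules (or is absent), so a caller never runs `iptables -D CHAIN ""`.
last_rule_number() {
  awk -v chain="$1" '
    /^Chain / { in_chain = ($2 == chain); next }   # track which chain we are in
    in_chain && $1 ~ /^[0-9]+$/ { last = $1 }     # numbered lines are rules
    END { if (last == "") exit 1; print last }
  '
}

# delete_last_rule CHAIN
# Lists the live ruleset, finds the last rule number and deletes that rule.
# Assumes root and a real iptables; re-lists immediately before deleting
# because rule numbers shift whenever the chain changes.
delete_last_rule() {
  chain=$1
  n=$(/sbin/iptables -vL "$chain" --line-numbers | last_rule_number "$chain") || {
    echo "no rules in chain $chain" >&2
    return 1
  }
  /sbin/iptables -D "$chain" "$n"
}

# Deleting by specification is the alternative the thread discusses; it
# removes the first rule matching the given options, so it only does what
# you expect when that specification is unique within the chain:
#   /sbin/iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited

# Demonstration against the constructed listing (no root required):
printf '%s\n' "$SAMPLE_LISTING" | last_rule_number INPUT     # 4
printf '%s\n' "$SAMPLE_LISTING" | last_rule_number FORWARD   # 1
```

Deleting by number is only safe if the listing and the delete happen back to back with nothing else editing the chain in between; on a host where firewall rules are managed by a tool or a script, that tool's own state file is the better place to remove the rule.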

