Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home Help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Remove duplicate iptables rules?

FreekFreek Member
edited April 2013 in Help

I see I have some duplicate iptables rules on my server.
Is there a command/script to remove to remove duplicate rules automatically?
I found this script, but I don't trust it too much: http://elliottback.com/wp/iptables-bash-shell-cleanup-script/

Comments

  • AnthonySmithAnthonySmith Member, Host Rep

    A bash script to list your rules, echo them in to a file, run diff/sort on them, flush current rules and apply the clean set would be simple enough, drop me an email if you want, I could write you something fairly quick with a backup option just for confidence :)

  • natestammnatestamm Member

    @Freek i take it out of the control of any other Net services and handle iptables with my own scripts. Just my two

  • taronyutaronyu Member

    Isn't CSF a solution for this?

  • RalliasRallias Member
    edited April 2013

    @AnthonySmith said: A bash script to list your rules

    iptables-save

    @AnthonySmith said: echo them in to a file

    > /etc/iptables.conf

    @AnthonySmith said: run diff/sort on them

    This I don't know.

    @AnthonySmith said: flush current rules

    iptables -F

    @AnthonySmith said: and apply the clean set

    iptables-restore < /etc/iptables.conf

  • yomeroyomero Member

    Or just create an script with your rules and flush the rules at the start

  • dmmcintyre3dmmcintyre3 Member

    Just comment out the duplicate rules in /etc/sysconfig/iptables and run service iptables restart

  • RalliasRallias Member

    @dmmcintyre3 said: Just comment out the duplicate rules in /etc/sysconfig/iptables and run service iptables restart

    Only if on an RHEL-based distro.

  • AuroraZAuroraZ Barred

    @yomero said: Or just create an script with your rules and flush the rules at the start

    This is what I do on my servers works well. Can also use the script on what ever distro you install.

  • t3k9t3k9 Member

    iptables-save | uniq | iptables-restore

  • krokro Member

    Lol @ win

  • DamianDamian Member

    ^^^^ that's what we use on a 24hr cron task.

  • bdtechbdtech Member

    Does uniq mess up the order of rules?

  • RalliasRallias Member

    @t3k9 That won't work. Uniq only works if a line occurs twice in a row, which may not be the case in an iptables ruleset.

  • FFFlipFFFlip Member

    awk! awk!

    iptables-save | awk ' !x[$0]++' | iptables-restore

    Famous Awk One-Liners Explained: 43. Remove duplicate, nonconsecutive lines

  • yomeroyomero Member

    @Rallias said: @t3k9 That won't work. Uniq only works if a line occurs twice in a row, which may not be the case in an iptables ruleset.

    | sort | uniq

  • FFFlipFFFlip Member

    @yomero said: | sort | uniq

    fscking with the order of things in iptables-land ist verboten!

  • yomeroyomero Member

    @FFFlip said: order of things in iptables

    Indeed n_n

    So, my first recommendation stays, just do an script ¬_¬

  • RalliasRallias Member
    edited April 2013

    #!/usr/bin/perl open( my $iptablesSave, "-|", "iptables-save"); my @iptablesOrig; (@iptables) = <$iptablesSave>; close $iptablesSave; my @iptablesOut; foreach my $line (@iptablesOrig) { my $push = 1; foreach my $check (@iptablesOut) { if $check == $line { $push = 0; } } if $push == 1 { push $line, @iptablesOut; } } my $iptablesOut = join ("\n" @iptablesOut); open (my $iptablesRestore, "|-", "iptables-restore"); print $iptablesRestore $iptablesOut; close ($iptablesRestore);

    No guarantees.

  • FreekFreek Member

    @AnthonySmith said: drop me an email if you want

    Done :D But as t3k9's command also works, so it's not necessary anymore. But if you want to show off your bash skills, feel free to do so ;)

    @t3k9 said: iptables-save | uniq | iptables-restore

    Works like a charm, thanks!

    @FFFlip said: iptables-save | awk ' !x[$0]++' | iptables-restore

    root@gunther:~# iptables-save | awk ' !x[$0]++' | iptables-restore
    Bad argument *filter' Error occurred at line: 14 Tryiptables-restore -h' or 'iptables-restore --help' for more information.

    @Rallias said: This I don't know.

    Haha that's the magic ;)

    @dmmcintyre3 said: Just comment out the duplicate rules in

    Wasn't planning on commenting out 40 duplicate lines.

  • FFFlipFFFlip Member
    edited May 2013

    nvm

Sign In or Register to comment.