IPTables management software for copy/paste into SH scripts

MonarchX
DD-WRT User


Joined: 26 Sep 2009
Posts: 119

Posted: Sun Oct 17, 2021 11:02    Post subject: IPTables management software for copy/paste into SH scripts
I mostly use "iptables -I INPUT/FORWARD/OUTPUT #" syntax and when the number of rules grows, management becomes a problem because "-I" must be numbered. If there are 50 rules and you make one change to insert a rule somewhere in the middle, then you need to re-number all the "-I" rules below it. That's tedious. Is there not some GUI-based software that can arrange those numbers automatically and also be able to copy/paste import/export to a simple SH script? MS Excel can manage numbering if you use a separate column for "-I" rule numbers, but it doesn't populate what is copied from SH script into Excel sheet.
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Sun Oct 17, 2021 15:38
Actually, you do not have to have a number for the -I; it defaults to 1, so as long as you realize that the dd-wrt script will result in the rules going in the opposite order, you should be fine.

From the man page (https://ipset.netfilter.org/iptables.man.html)
Quote:
-I, --insert chain [rulenum] rule-specification
Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified.
MonarchX
DD-WRT User


Joined: 26 Sep 2009
Posts: 119

Posted: Sun Oct 17, 2021 18:08
It doesn't go in correct opposite order and I need a solution that works with DD-WRT and other firmware that follow correct IPTables syntax.
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 554

Posted: Sun Oct 17, 2021 18:45
The original hack used is instead of numbering rules like

1
2
3
4

you numbered them

10
20
30
40

to leave insertion holes.

GUI programs that do reordering are listed in this thread:

https://askubuntu.com/questions/111/gui-for-iptables
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Sun Oct 17, 2021 19:26
MonarchX wrote:
It doesn't go in correct opposite order and I need a solution that works with DD-WRT and other firmware that follow correct IPTables syntax.


Ddwrt's iproute just places a rule which is inserted on top.

So the rule inserted last will be hit first.

Of course there are multiple tables which are also executed in a specific order.

So you need some study and planning to get it right :)

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
MonarchX
DD-WRT User


Joined: 26 Sep 2009
Posts: 119

Posted: Mon Oct 18, 2021 12:30
tedm wrote:

https://askubuntu.com/questions/111/gui-for-iptables


That was what I needed! HUGE THANKS!
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Wed Oct 20, 2021 21:27
P.S. the solution does work for dd-wrt and is proper iptables format... I use it on mine currently.

dd-wrt does have some iptables modules not compiled so not everything is there anyways.
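
An added example, not code from any poster in this thread: one way to avoid hand-renumbering is to keep the rules in evaluation order and regenerate the "-I CHAIN N" positions with a script, then check the resulting order offline before loading it, since a DROP that lands above an ACCEPT silently changes the policy. The function names renumber_rules and simulate_chain and the file name rules.txt are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Rules are kept one per line in the order
# they should be evaluated; positions are regenerated on every run.
# Limitation: awk re-joins fields with single spaces, so quoted arguments
# containing runs of whitespace are not preserved.

# renumber_rules: stdin = "iptables [-t table] -I CHAIN [N] spec" lines.
# Any existing N is dropped and replaced by a counter kept per table+chain.
renumber_rules() {
    awk '
    {
        pos = 0
        for (i = 1; i < NF; i++) if ($i == "-I") { pos = i; break }
        if ($1 != "iptables" || pos == 0) { print; next }  # pass through
        head = $1
        for (i = 2; i <= pos + 1; i++) head = head " " $i
        start = pos + 2
        if ($start ~ /^[0-9]+$/) start++                   # old rule number
        rest = ""
        for (i = start; i <= NF; i++) rest = rest " " $i
        print head " " (++n[head]) rest
    }'
}

# simulate_chain CHAIN: model where each "-I" lands in a filter-table chain and
# print the resulting rule order, without touching the live firewall.
simulate_chain() {
    awk -v chain="$1" '
    $1 == "iptables" && $2 == "-I" && $3 == chain {
        at = 1; start = 4                  # man page: position defaults to 1
        if ($4 ~ /^[0-9]+$/) { at = $4 + 0; start = 5 }
        spec = ""
        for (i = start; i <= NF; i++) spec = spec (i > start ? " " : "") $i
        for (j = count; j >= at; j--) rules[j + 1] = rules[j]
        rules[at] = spec; count++
    }
    END { for (j = 1; j <= count; j++) print rules[j] }'
}

# Usage (rules.txt is a hypothetical file name):
#   renumber_rules < rules.txt > firewall.sh
#   simulate_chain INPUT < firewall.sh
```

simulate_chain only models the insertion position described in the man page excerpt quoted above; it does not validate rule syntax or check which iptables modules the firmware build includes.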