Old 06-25-2012, 06:24 AM   #1
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77
Blog Entries: 1

Rep: Reputation: Disabled
Swap iptables rules using rule numbers, using a Perl script

The Perl script is supposed to take two arguments,
rule_number1 and rule_number2,
and we will call this script as, say, 1 2.
It should swap the rules in iptables, say in the INPUT chain.
Old 06-26-2012, 06:02 AM   #2
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 193
What exactly is your question?
Old 06-27-2012, 02:37 AM   #3
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77

Original Poster
Blog Entries: 1

Rep: Reputation: Disabled
There are iptables rules in your system, say for the INPUT chain, in sequence.
We want to swap rule numbers 2 and 7, say.
We want to do this swapping through a Perl script.
The design steps are:

The script "" will take two parameters,
<first_rule_number> and <second_rule_number>,
so one would call it like this ---> 3 8.
You need to delete rule number 3 and rule number 8 from iptables,
but if you delete them first you will lose the rules,
so first you need to list them and get the rule.
Step 1: List iptables rules by rule number:
iptables -L -v -n --line-numbers
Step 2: Read rule number 3 by using iptables --line-numbers and grep.
Step 3: Read rule number 8 by using iptables --line-numbers and grep.
Store what you get in Step 2 into $first_rule and Step 3 into $second_rule.
Step 4: Delete rules 3 and 8 using iptables -D rulenum.
Step 5: Add $first_rule to the second position, i.e. to place 8, using iptables -I rulenum and $first_rule.
Step 6: Add $second_rule to the first position, i.e. to place 3, using iptables -I rulenum and $second_rule.
Old 06-27-2012, 03:36 AM   #4
Registered: Apr 2010
Location: Kinshasa, Democratic Republic of Congo
Distribution: RHEL, Fedora, CentOS
Posts: 525

Rep: Reputation: 95
Hi Balvinder87,

It seems that you already have the full algorithm.
We would appreciate it if you could share with us the derived Perl script.

Last edited by tshikose; 06-27-2012 at 07:01 AM.
Old 06-27-2012, 06:43 AM   #5
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 193
May I recommend using the iptables-save file rather than the output of iptables -nvL. Since the iptables-save file is in the same format as iptables commands, it will be a lot easier than having to parse the output from -nvL.

If you want somebody to write your script for you, that ain't gonna happen. We aren't a do-it-for-you type of forum; we're here to help you learn how to do it yourself.

Personally, I would do this in a bash script: run iptables-save, grep to put the rules into variables, then sed to replace whatever is on line number $x with the contents of the variables, then reload iptables.

This assumes that you are swapping LINE numbers, not RULE numbers inside the chain. To do this with rule numbers, you would grep for the relevant chain (probably also passed as a parameter to the script) and also keep track of the line number, since this won't match the line numbers you are using with sed.
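The following is an added example, not code posted by anyone in this thread, showing one way to combine the original poster's steps (post #3) with the iptables-save approach suggested in post #5. Instead of deleting the two rules live and re-inserting them (which leaves a window in which both rules are absent from the running firewall, and in which deleting the lower-numbered rule first shifts the number of the higher one), it swaps the two rules by RULE number within a named chain and table purely in the iptables-save text, so the result can be fed back atomically with iptables-restore. The function name swap_rules, the table/chain/number arguments, and the SAMPLE ruleset are all constructed for this example.

```shell
#!/bin/sh
# swap_rules TABLE CHAIN N1 N2
#   Reads iptables-save output on stdin, writes it to stdout with rules
#   N1 and N2 of CHAIN (counted among the "-A CHAIN ..." lines of TABLE,
#   which is how iptables --line-numbers counts them) exchanged.
#   Exits non-zero without printing anything if a number is out of range.
swap_rules() {
    awk -v table="$1" -v chain="$2" -v n1="$3" -v n2="$4" '
    BEGIN { intable = 0; count = 0; pfx = "-A " chain " " }
    # Table sections start with "*name" and end with "COMMIT".
    /^\*/     { intable = ($0 == "*" table) }
    /^COMMIT/ { intable = 0 }
    {
        line[NR] = $0
        # Only "-A CHAIN " lines inside the wanted table count as rules.
        if (intable && substr($0, 1, length(pfx)) == pfx) {
            count++
            if (count == n1) a = NR
            if (count == n2) b = NR
        }
    }
    END {
        if (!a || !b) {
            print "swap_rules: rule number out of range" > "/dev/stderr"
            exit 1
        }
        # Re-emit every line, exchanging the two selected ones.
        for (i = 1; i <= NR; i++) {
            if (i == a)      print line[b]
            else if (i == b) print line[a]
            else             print line[i]
        }
    }'
}

# Constructed sample iptables-save output used for the demonstration below
# (not captured from a real host).
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT'

# Demonstration: swap INPUT rules 2 and 3 of the filter table in the sample.
# On a real host the same function would be used as:
#   iptables-save | swap_rules filter INPUT 3 8 | iptables-restore
printf '%s\n' "$SAMPLE" | swap_rules filter INPUT 2 3
```

Because the whole ruleset is rewritten as one unit, iptables-restore replaces the running rules in a single step rather than leaving the firewall briefly without either rule; it is also worth diffing the rewritten text against the original before restoring it, so that a mistyped rule number cannot silently reorder a DROP rule.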
Old 06-27-2012, 07:19 AM   #6
Registered: Jun 2012
Location: India
Distribution: debian
Posts: 77

Original Poster
Blog Entries: 1

Rep: Reputation: Disabled
Thanks for the reply.
I got it now.