Updating an iptables rule using the --line-numbers option
There was a requirement for me to change an existing iptables rule to a new IP address range. The --line-numbers option that ships with iptables proves very handy for this.
The requirement was to change the existing 10.200.0.0/20 range to the 10.200.0.0/17 network in an iptables rule.
First, I grep the saved rules file for the range to confirm which rule carries it:
$ sudo grep 10.200 /etc/sysconfig/iptables
-A INPUT -s 10.200.0.0/20 -m state --state NEW -j ACCEPT
Next, I list the active rules with the --line-numbers option and grep for the same range:
$ sudo iptables -L -n --line-numbers | grep 10.200
16   ACCEPT     all  --  10.200.0.0/20        0.0.0.0/0            state NEW
This gives me the line number of the rule in the INPUT chain. With that number, changing the rule is easy: iptables -R replaces the rule at the given position with the new specification, as shown below.
$ sudo iptables -R INPUT 16 -s 10.200.0.0/17 -m state --state NEW -j ACCEPT
Now let's list the iptables rules once again. We can see the network range has been updated.
$ sudo iptables -L -n --line-numbers | grep 10.200
16   ACCEPT     all  --  10.200.0.0/17        0.0.0.0/0            state NEW
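The steps above (find the rule's position, then replace it by number) can be scripted so the line number is looked up immediately before the -R call rather than copied by hand, which matters because rule numbers shift whenever a rule is inserted or deleted earlier in the chain. The script below is an added example, not code from the original post; it parses a constructed sample of `iptables -L -n --line-numbers` output, matches the source column exactly (so 10.200.0.0/20 is not confused with 10.200.0.0/16), refuses to proceed when the match is missing or ambiguous, and prints the resulting `iptables -R` command instead of running it. The function names and the sample listing are my own.

```shell
#!/bin/sh
# Added example (not from the original post): locate an iptables rule by its
# exact source range in `iptables -L -n --line-numbers` output and build the
# `iptables -R` command that swaps the range. Nothing here touches the kernel.

# Constructed sample of `sudo iptables -L -n --line-numbers` output for INPUT.
# Columns: num target prot opt source destination [extra match text]
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     all  --  127.0.0.0/8          0.0.0.0/0
16   ACCEPT     all  --  10.200.0.0/20        0.0.0.0/0            state NEW
17   DROP       all  --  10.200.0.0/16        0.0.0.0/0'

# match_count LISTING SOURCE -> how many rules have exactly SOURCE in the
# source column. Header lines are skipped because their first field is not
# a number. Used to refuse ambiguous replacements.
match_count() {
    printf '%s\n' "$1" | awk -v src="$2" \
        '$1 ~ /^[0-9]+$/ && $5 == src { n++ } END { print n + 0 }'
}

# rule_number LISTING SOURCE -> the rule number of the first exact match
# (empty output when there is none).
rule_number() {
    printf '%s\n' "$1" | awk -v src="$2" \
        '$1 ~ /^[0-9]+$/ && $5 == src { print $1; exit }'
}

# replace_cmd CHAIN NUM NEW_SOURCE -> the iptables -R command that replaces
# rule NUM of CHAIN, keeping the rest of the rule as in the post
# (-m state --state NEW -j ACCEPT).
replace_cmd() {
    printf 'iptables -R %s %s -s %s -m state --state NEW -j ACCEPT\n' "$1" "$2" "$3"
}

# build_replacement LISTING CHAIN OLD_SOURCE NEW_SOURCE -> prints the -R
# command, or a diagnostic on stderr and a non-zero status when the old
# range matches zero or several rules.
build_replacement() {
    count=$(match_count "$1" "$3")
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one rule with source $3 in $2, found $count" >&2
        return 1
    fi
    replace_cmd "$2" "$(rule_number "$1" "$3")" "$4"
}

# Stand-alone demo: the post's change, 10.200.0.0/20 -> 10.200.0.0/17.
build_replacement "$SAMPLE_LISTING" INPUT 10.200.0.0/20 10.200.0.0/17
```

On a live host you would feed `sudo iptables -L INPUT -n --line-numbers` into `build_replacement` and only then run the printed command under sudo. Two caveats worth keeping in mind: `iptables -R` edits the running ruleset only, so on a system that loads /etc/sysconfig/iptables at boot the change must also be saved there (on RHEL-family systems, `service iptables save` does this) or it is gone after a reboot; and the number is only valid until the chain changes, so re-run the lookup rather than reusing a number from an earlier listing.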