toralf (Developer) - Joined: 01 Feb 2004, Posts: 3943, Location: Hamburg
Posted: Sun Aug 04, 2013 9:34 pm
Post subject: [solved] stop network on TAP device
I'm playing here with running 2 user mode linux images at the same time. Each UML gets its DHCP address from the host. Now I'd like to suddenly break the network from/to one of both images. I'm thinking to do that with iptables. Anybody knows a working solution? I'm already running an iptables script located in /etc/init.d, and b/c rules are just added at the end, I'd like to avoid cleaning the tables by restarting the init.d script. Instead I'd just like to revert the particular rule which can be used to stop the network traffic.

Last edited by toralf on Mon Aug 05, 2013 5:45 pm; edited 1 time in total
BradN (Advocate) - Joined: 19 Apr 2002, Posts: 2391, Location: Wisconsin (USA)
Posted: Mon Aug 05, 2013 6:35 am
iptables -t tablename -D (the rest of the command must match the rest of the -A command that created it)

This is in general how you remove a rule from iptables manually.
Like, let's say my iptables-save looks like:
Code:
# Generated by iptables-save v1.4.13 on Mon Aug 5 01:33:47 2013
*filter
:INPUT ACCEPT [8191684:9297331274]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [6192315:606443488]
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -d 192.168.0.0/16 -i ppp0 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i eth2 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth2 -j ACCEPT
COMMIT
# Completed on Mon Aug 5 01:33:47 2013
# Generated by iptables-save v1.4.13 on Mon Aug 5 01:33:47 2013
*nat
:PREROUTING ACCEPT [2690134:845364370]
:INPUT ACCEPT [164830:39214556]
:OUTPUT ACCEPT [203937:13325685]
:POSTROUTING ACCEPT [203784:13316196]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Mon Aug 5 01:33:47 2013

and I want to get rid of "-A FORWARD -d 192.168.0.0/16 -i ppp0 -j ACCEPT"
This takes...
iptables -t filter -D FORWARD -d 192.168.0.0/16 -i ppp0 -j ACCEPT
toralf (Developer) - Joined: 01 Feb 2004, Posts: 3943, Location: Hamburg
Posted: Mon Aug 05, 2013 1:56 pm
BradN wrote:
> iptables -t tablename -D (the rest of the command must match the rest of the -A command that created it)
> This is in general how you remove a rule from iptables manually.

Ah - this helps me.
Thanks for your examples.

Update: But now I'm realizing that one of my first iptables rules is to allow all on 192.168.x.x - pff ...
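Added example (not from the thread, and not any poster's code): a small parser for iptables-save output that locates the rule belonging to an interface and builds the exact `-D` command BradN describes, plus a cut/restore pair for a TAP device that is inserted at position 1 so it takes effect even when an earlier rule already accepts everything from 192.168.x.x (toralf's update). `SAMPLE_DUMP` is constructed from the filter table BradN posted with counters zeroed; the interface name `tap0` is an assumption.

```python
"""Parse an iptables-save dump, find a rule by interface, and build -D / -I commands."""
from typing import Dict, List, Tuple

# Constructed sample: BradN's filter table with the packet counters zeroed.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/16 -i eth0 -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -d 192.168.0.0/16 -i ppp0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i eth2 -j ACCEPT
COMMIT
"""


def parse_dump(dump: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {table: {chain: [rule spec, ...]}} in the kernel's evaluation order."""
    tables: Dict[str, Dict[str, List[str]]] = {}
    table = ""
    for line in dump.splitlines():
        if line.startswith("*"):            # table header, e.g. "*filter"
            table = line[1:].strip()
            tables[table] = {}
        elif line.startswith(":"):          # chain policy line, e.g. ":FORWARD DROP [0:0]"
            tables[table][line[1:].split()[0]] = []
        elif line.startswith("-A "):        # an appended rule: "-A CHAIN <spec>"
            _, chain, spec = line.split(" ", 2)
            tables[table].setdefault(chain, []).append(spec)
    return tables


def delete_commands(dump: str, table: str, chain: str, fragment: str) -> List[str]:
    """'iptables -t T -D CHAIN <spec>' for every rule whose spec contains fragment.
    The spec is reused verbatim, so -D matches exactly what -A created."""
    rules = parse_dump(dump).get(table, {}).get(chain, [])
    return [f"iptables -t {table} -D {chain} {r}" for r in rules if f" {fragment} " in f" {r} "]


def block_interface_commands(iface: str, chain: str = "FORWARD") -> Tuple[str, str]:
    """(cut, restore) for a TAP device: -I ... 1 puts the DROP at the top of the
    chain, ahead of any earlier accept-all rule; -D with the same spec reverts it."""
    spec = f"-i {iface} -j DROP"
    return (f"iptables -t filter -I {chain} 1 {spec}", f"iptables -t filter -D {chain} {spec}")
```

Before reverting, `iptables -t filter -C FORWARD -i tap0 -j DROP` (available since iptables 1.4.11) reports whether the rule is currently present, so the restore step can be made idempotent instead of failing on a second run.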