How to delete rules by handle

Hi, I would like to insert and delete rules this way:

nft insert rule inet fw4 forward_lan $handle1 my rules 

then:

nft delete rule inet fw4 forward_lan handle $handle1 my rules 

Is this possible?

I have 4 or 5 rules, thanks.

Is this OpenWrt or purely nft related?

(i.e. is there a corresponding script, etc. for this?)

Yes, it's for my OpenWrt router.

I haven't created the script yet, but I'd like an example:

create a rule for the forward chain lan and then delete it.

We've done this with elan in the past for its cake qos script.

Example: I create a rule, then I will stop it with an init script at startup.

Maybe this can help:

nft insert rule inet fw4 pre_mangle_forward handle "$(nft -a list ruleset | grep "Wash all ISP DSCP marks to CS1 (IPv4)" | sed 's/.* //')" > /dev/null 2>&1
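stop_service() {
    echo stop
    ############################################################
    # Find the rule by its comment text in the annotated listing, take the
    # last field of that line (the handle), and delete the rule by handle.
    nft delete rule inet fw4 pre_mangle_forward handle "$(nft -a list ruleset | grep "Wash all ISP DSCP marks to CS1 (IPv4)" | sed 's/.* //')" > /dev/null 2>&1
}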

The complete stop is for stop service, like this.

Example of my first rule:

nft insert rule inet fw4 forward_lan $handle3 ip saddr 192.168.2.160 counter accept 

👍

Here's an example of how I've done that sort of thing, awk makes short work of extracting the handle:

handle=$(nft -a list chain inet fw4 input_wan | awk '/jump reject_from_wan /{print $(NF)}')
nft insert rule inet fw4 input_wan position $handle 'tcp dport blah blah blah'

Thanks, I will test now.

OK, it's good for tcp dport, but udp doesn't delete? Maybe it's my firewall config.

nft insert rule inet fw4 forward_lan ip saddr 192.168.2.160 udp dport { bla bla bla 
chain forward_lan { # handle 9
                ip saddr 192.168.2.160 udp dport { bla bla 
                ip saddr 192.168.2.160 ip daddr { bla bla 

It's all OK now, thanks so much 🙂

You may also want to consider adding jump/goto another chain to the end of whatever fw4 chain you want to affect and flushing your custom chain when you need to delete your rules.

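One way to manage the 4 or 5 rules from the question, as an added example that is not from any post in this thread: tag every inserted rule with a comment, then delete exactly the rules carrying that tag by the handle shown in `nft -a list chain`, so no stale accept rule is left behind and no fw4 rule is removed by mistake. The tag `myscript`, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. TAG, the function names and SAMPLE are hypothetical.
TAG="myscript"
TABLE="inet fw4"
CHAIN="forward_lan"

# Read `nft -a list chain` output on stdin and print the handle of every
# rule whose comment is exactly "$1". Matching the closing quote keeps a
# tag such as "my" from matching "myscript"; the chain header line is
# skipped because it has no comment.
handles_for_tag() {
    awk -v tag="comment \"$1\"" '
        index($0, tag) && match($0, /# handle [0-9]+$/) {
            print substr($0, RSTART + 9)   # text after "# handle "
        }'
}

# usage: add_rule ip saddr 192.168.2.160 counter accept
add_rule() {
    nft insert rule $TABLE "$CHAIN" "$@" comment "\"$TAG\""
}

# Delete every tagged rule, one handle at a time.
del_rules() {
    nft -a list chain $TABLE "$CHAIN" | handles_for_tag "$TAG" |
    while read -r h; do
        nft delete rule $TABLE "$CHAIN" handle "$h"
    done
}

# Constructed sample of `nft -a list chain inet fw4 forward_lan` output,
# including a udp rule with a port set and a rule with a similar tag.
SAMPLE='table inet fw4 {
	chain forward_lan { # handle 9
		ip saddr 192.168.2.160 udp dport { 3074, 3478 } counter packets 0 bytes 0 accept comment "myscript" # handle 412
		ip saddr 192.168.2.160 tcp dport 443 counter packets 0 bytes 0 accept comment "myscript" # handle 411
		ip saddr 192.168.2.161 counter packets 0 bytes 0 accept comment "myscript-old" # handle 300
		jump accept_to_wan # handle 130
	}
}'

# Offline check of the parser only; nft itself is not called here.
printf '%s\n' "$SAMPLE" | handles_for_tag "$TAG"
```

In an init script, `add_rule` would be called from `start_service` and `del_rules` from `stop_service`.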
