
I have a rule in iptables that looks like this:

DROP       all  --  5.158.238.32         anywhere 

But I would like to change it to be:

DROP       all  --  5.158.0.0/16         anywhere

How do I do this?

I've found info on how you add rules but this seems to append rules to the end of the list and for some reason the rule doesn't take effect unless it's higher up.

I've also found info on editing a file, but my distro (Debian) doesn't seem to have a file in any of the locations mentioned in the articles - is there a file I can edit somewhere?

Any pointers in the right direction would be much appreciated.

Cheers

Ben

CMSCSS

1 Answer


Run iptables -L --line-numbers, which will give you all the current rules as well as their rule numbers. Once you have identified the line number of the rule you would like to replace, run iptables -R <chain> <rulenum> <new rule def>. In your case, the output to the first would be something like this (greatly truncated):

Chain INPUT (policy ACCEPT)
num  target     prot opt source       destination
....
12   DROP       all  --  5.158.238.32 anywhere
...

and to replace it, you would run:

iptables -R INPUT 12 -s 5.158.0.0/16 -j DROP

Hope this makes sense. Good luck!

Joel C
  • Thanks heaps - very helpful. The line I wanted to change was at line 4 so I used `iptables -R INPUT 4 -s 5.158.0.0/16 -j DROP` but strangely when I ran `iptables -L --line-numbers` afterwards, it came out as `4 DROP all -- 0.0.158.5.rev.vodafone.pt/16 anywhere` which looks very strange. – CMSCSS Nov 02 '15 at 04:18
  • That is correct. When iptables displays the rules, it will do a reverse-DNS lookup on all IP addresses. In this case, the IP reverses to the domain name that you see. If you want it to not resolve IP addresses, you can pass the `-n` switch. – Joel C Nov 02 '15 at 15:37
  • Cheers, thanks heaps for your help. – CMSCSS Nov 02 '15 at 22:50
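The two-step procedure from the answer (list rules with their numbers, then replace the one you want in place with `iptables -R` so its position in the chain is kept) can be scripted so the rule number is never typed by hand. The script below is an added example, not code from the answer or from the iptables project. It parses the output of `iptables -L <chain> --line-numbers -n` (the `-n` from the comments, so sources are printed as addresses rather than reverse-DNS names) with awk, finds the first rule whose target and source column match, and builds the `-R` command. The `SAMPLE_LISTING` text is a constructed listing so the script runs without root or iptables; the function names `find_rule_num`, `build_replace_cmd` and `replace_source`, and the `DRY_RUN` switch, are this example's own.

```shell
#!/bin/sh
# Added example (not from the original answer): locate an iptables rule by its
# target and source address in `iptables -L <chain> --line-numbers -n` output
# and build the matching `iptables -R` command that replaces it in place.
# Set DRY_RUN=1 to work on the constructed sample and only print the command.

# Constructed sample of `iptables -L INPUT --line-numbers -n` output. Real
# output comes from running iptables as root; this text is hard-coded so the
# script can be exercised offline.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3    DROP       all  --  10.0.0.7             0.0.0.0/0
4    DROP       all  --  5.158.238.32         0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80'

# find_rule_num TARGET SOURCE  (listing on stdin)
# Prints the number of the first rule whose target ($2) and source ($5)
# columns match. Only lines starting with a rule number are considered, so
# the "Chain" and header lines are skipped. Returns 1 if nothing matches.
find_rule_num() {
    awk -v tgt="$1" -v src="$2" '
        $1 ~ /^[0-9]+$/ && $2 == tgt && $5 == src { print $1; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# build_replace_cmd CHAIN RULENUM NEW_SOURCE TARGET
# Prints the iptables -R invocation. -R swaps the rule at RULENUM, so the
# rule keeps its place in the chain (unlike -A, which appends at the end).
build_replace_cmd() {
    printf 'iptables -R %s %s -s %s -j %s\n' "$1" "$2" "$3" "$4"
}

# replace_source CHAIN OLD_SOURCE NEW_SOURCE TARGET
# Looks up the rule number for OLD_SOURCE, then replaces that rule with one
# matching NEW_SOURCE. With DRY_RUN=1 the sample listing is used and the
# command is printed instead of executed.
replace_source() {
    chain=$1; old=$2; new=$3; target=$4
    if [ "${DRY_RUN:-0}" = 1 ]; then
        listing=$SAMPLE_LISTING
    else
        listing=$(iptables -L "$chain" --line-numbers -n) || return 1
    fi
    num=$(printf '%s\n' "$listing" | find_rule_num "$target" "$old") || {
        echo "no $target rule for source $old in chain $chain" >&2
        return 1
    }
    cmd=$(build_replace_cmd "$chain" "$num" "$new" "$target")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$cmd"
    else
        # Word-splitting is intended here: the command has no spaces in its arguments.
        $cmd
    fi
}

# Stand-alone run: dry-run the replacement from the question against the sample.
#   DRY_RUN=1 sh replace_rule.sh
if [ "${DRY_RUN:-0}" = 1 ]; then
    replace_source INPUT 5.158.238.32 5.158.0.0/16 DROP
fi
```

Matching on both the target and the source column is deliberate: a chain can hold several rules for the same address (an ACCEPT for one port and a DROP for everything else, say), and replacing the wrong one by number silently changes policy. When the lookup finds nothing the function fails instead of guessing a rule number, which is the failure mode you want when the script is run against a live chain.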