Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Delete iptables rules with sed -z and xargs -0.
57 views
Skip to first unread message
Hongyi Zhao
Nov 1, 2020, 9:36:55 PM11/1/20
to
I want to delete some iptables rules shown as following:
$ sudo iptables-save | grep -- '--dport 53'
-A PREROUTING -s 172.17.0.0/16 -i docker0 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.53
-A PREROUTING -s 172.17.0.0/16 -i docker0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.53
So I try to construct the command using sed and xargs as follows:
$ sudo iptables-save | grep -- '--dport 53' | sed -z 's/^-A/-D/' | xargs -0 -I{} echo sudo iptables {}
sudo iptables -D PREROUTING -s 172.17.0.0/16 -i docker0 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.53
-A PREROUTING -s 172.17.0.0/16 -i docker0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.53
As you can see, this can only construct the first command correctly. Any hints for this problem?
Regards,
HY
$ sudo iptables-save | grep -- '--dport 53'
-A PREROUTING -s 172.17.0.0/16 -i docker0 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.53
-A PREROUTING -s 172.17.0.0/16 -i docker0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.53
So I try to construct the command using sed and xargs as follows:
$ sudo iptables-save | grep -- '--dport 53' | sed -z 's/^-A/-D/' | xargs -0 -I{} echo sudo iptables {}
sudo iptables -D PREROUTING -s 172.17.0.0/16 -i docker0 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.53
-A PREROUTING -s 172.17.0.0/16 -i docker0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.53
As you can see, this can only construct the first command correctly. Any hints for this problem?
Regards,
HY
Hongyi Zhao
Nov 2, 2020, 7:29:16 PM11/2/20
to
On Monday, November 2, 2020 at 10:36:55 AM UTC+8, Hongyi Zhao wrote:
> I want to delete some iptables rules shown as following:
>
> $ sudo iptables-save | grep -- '--dport 53'
> -A PREROUTING -s 172.17.0.0/16 -i docker0 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.53
> -A PREROUTING -s 172.17.0.0/16 -i docker0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.53
>
>
> So I try to construct the command using sed and xargs as follows:
>
> $ sudo iptables-save | grep -- '--dport 53' | sed -z 's/^-A/-D/' | xargs -0 -I{} echo sudo iptables {}
Based on the example given on <https://stackoverflow.com/questions/15976570/is-there-a-grep-equivalent-for-finds-print0-and-xargss-0-switches>
> I want to delete some iptables rules shown as following:
>
> $ sudo iptables-save | grep -- '--dport 53'
> -A PREROUTING -s 172.17.0.0/16 -i docker0 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.53
> -A PREROUTING -s 172.17.0.0/16 -i docker0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.53
>
>
> So I try to construct the command using sed and xargs as follows:
>
> $ sudo iptables-save | grep -- '--dport 53' | sed -z 's/^-A/-D/' | xargs -0 -I{} echo sudo iptables {}
find /etc/passwd -print0 |
xargs -0 egrep -Z 'root|www' |
tr "\n" "\0" |
xargs -0 -n1
The commands used here for my case should have been written as the following:
$ sudo iptables-save | grep -- '--dport 53' | sed 's/^-A/-D/' | tr "\n" "\0" | xargs -0 -I{} echo sudo iptables {}
or
$ sudo iptables-save | grep -- '--dport 53' | tr "\n" "\0"| sed -z 's/^-A/-D/' | xargs -0 -I{} echo sudo iptables {}
Chris Elvidge
Nov 3, 2020, 7:02:31 AM11/3/20
to
How about:
IFS=$'\n'
for i in $(iptables-save | grep -- '--dport 53') do
echo "sudo iptables ${i/-A/-D}"
done
--
Chris Elvidge, England
Hongyi Zhao
Nov 3, 2020, 9:28:17 AM11/3/20
to
$ sudo iptables-save | grep -Z -- '--dport 53' | sed -z 's/^-A/-D/' | xargs -0 -I{} echo sudo iptables {}
Regards,
HY
Chris Elvidge
Nov 3, 2020, 11:00:38 AM11/3/20
to
and only waste processes.
--
Chris Elvidge, England
Hongyi Zhao
Nov 4, 2020, 10:53:42 PM11/4/20
to
From the perspective of time efficiency, for most cases, my solution is more convenient for typesetting/inputting/constructing the command line code, so maybe has a smaller total time overhead.
Regards,
HY
0 new messages