iptables command for moving entries from one chain to another?


Is there an iptables command or easy way to move a row from one chain of iptables to another chain of iptables? For example, we use sshguard, so there is an sshguard chain in our iptables. The IPs logged there are not always blocked; they are caught by sshguard and logged into the iptables, but we see no hits against them unless we block that IP in the INPUT chain of iptables. We have to manually move them from one chain to the other. We are thinking about how to write a script to do it, but thought we'd check first if such a command already exists.
Thanks!
Julie

Responses

Rules aren't really movable, per se. Closest you really come to making rules/rule-groups movable is to put them into their own named-chain and then set jump-outs to them from the default chains.

That said, it's fairly trivial to copy a rule from one chain to another if you don't want to use jumpable named-chains.
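Both options from the answer above, as an added example that is not part of the original thread: check whether INPUT jumps to the named chain and, if it does not, print either the jump rule or copies of the chain's rules for INPUT. The chain names follow the question, the `iptables -S` samples are constructed, and the script only prints commands; it assumes the sshguard chain sees no hits because nothing in INPUT references it.

```shell
#!/bin/sh
# Constructed sample of what `iptables -S sshguard` prints.
SAMPLE_RULES='-N sshguard
-A sshguard -s 203.0.113.7/32 -j DROP
-A sshguard -s 198.51.100.22/32 -j DROP'

# Constructed sample of `iptables -S INPUT` with no jump to sshguard.
SAMPLE_INPUT='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# has_jump CHAIN: reads `iptables -S INPUT` output on stdin and succeeds
# if any rule jumps to CHAIN. A user-defined chain is only traversed
# when a built-in chain jumps to it.
has_jump() {
    grep -Eq -- "-j $1( |\$)"
}

# copy_rules SRC DST: reads `iptables -S SRC` output on stdin and prints
# iptables commands that insert the same rules into DST, in the same order.
# -I with a position is used because the first matching rule wins; rules
# appended after an ACCEPT for port 22 would never be reached.
copy_rules() {
    src=$1 dst=$2 n=1
    prefix="-A $src "
    while IFS= read -r line; do
        case $line in
            "$prefix"*)
                printf 'iptables -I %s %d %s\n' "$dst" "$n" "${line#"$prefix"}"
                n=$((n + 1))
                ;;
        esac
    done
}

# Demo on the constructed samples; review the output before running it.
if ! printf '%s\n' "$SAMPLE_INPUT" | has_jump sshguard; then
    echo "# Option 1: make INPUT jump to the named chain"
    echo "iptables -I INPUT 1 -j sshguard"
    echo "# Option 2: copy the rules into INPUT instead"
    printf '%s\n' "$SAMPLE_RULES" | copy_rules sshguard INPUT
fi
```

On a live host, feed the functions real output, for example `iptables -S INPUT | has_jump sshguard`. With the jump in place, addresses that sshguard adds later are covered without any further copying.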

That's interesting. I appreciate your response. We had seen the jump parameter in the man page but didn't make the connection. No matter, in the meantime, one of my engineers has written a shell script to move the rules. Thanks!
