Questions related to iptables command

1) Can we delete more than one rules in iptables in 1 go?
manpage of iptables says that the deletion command syntax is:
-D chain Rule-spec/-D chain Rulenum
can we have more than one rule numbers in the command ?Please give an
example.
2) Can we add more than one rule in a single commandline?Is it never
possible? I know the case when hostnames resolve to multiple ip
addresses,but here we are adding just one rule only.Can we add many
rules in a single commandline?
3) In the case when hostnames resolve to multiple ip addresses ,are the
rules that get formed always one after another in the iptable inside
the kernel?
4) The man page says that after the --sport one can specify a port
number or a service name.What will happen if the service name resolves
to multiple ports?Are many rules added in this case?

"jeniffer" <(E-Mail Removed)> writes:

> 1) Can we delete more than one rules in iptables in 1 go?

You can flush a chain (with -F). If you have your rules divided into
chains in an organized way, this might help you.

> 2) Can we add more than one rule in a single commandline?

Not that I know of. Unless of course you have a chain defined with
multiple rules and you then just use one new rule to jump to that
chain.

--
Jacob

Jacob Bunk Nielsen wrote:
> "jeniffer" <(E-Mail Removed)> writes:
>
> > 1) Can we delete more than one rules in iptables in 1 go?
>
> You can flush a chain (with -F). If you have your rules divided into
> chains in an organized way, this might help you.
>
I meant to ask can we delete more than 1 rule using iptables -D ??


> > 2) Can we add more than one rule in a single commandline?
>
> Not that I know of. Unless of course you have a chain defined with
> multiple rules and you then just use one new rule to jump to that
> chain.
>
> --
> Jacob

I meant to ask is something of this kind possible like :
iptables rule1 specification rule2 specification
using some syntax.
Single iptables in commandline but more than 1 rule

"jeniffer" <(E-Mail Removed)> writes:
> Jacob Bunk Nielsen wrote:
>> "jeniffer" <(E-Mail Removed)> writes:
>>
>> > 1) Can we delete more than one rules in iptables in 1 go?
>>
>> You can flush a chain (with -F). If you have your rules divided into
>> chains in an organized way, this might help you.
>>
> I meant to ask can we delete more than 1 rule using iptables -D ??

OK, so I guess you didn't have your rules nicely arranged into chains
:-)

Then I think the answer is no.

>> > 2) Can we add more than one rule in a single commandline?
>>
>> Not that I know of. [...]
>
> I meant to ask is something of this kind possible like :
> iptables rule1 specification rule2 specification
> using some syntax.

I believe my above quote answers this question, at least to the limit
of my current knowledge of iptables.

Why are you so affraid of calling iptables multiple times for creating
and deleting rules? I know that it becomes slow when you have
sufficiently many rules, but in that case you'd probably want to work
with multiple chains anyways so packets do have to be matched against
all rules in your ruleset, but only against a relevant subset of
rules.

--
Jacob

2006-11-8, 01:28(-08), jeniffer:
> 1) Can we delete more than one rules in iptables in 1 go?
> manpage of iptables says that the deletion command syntax is:
> -D chain Rule-spec/-D chain Rulenum
> can we have more than one rule numbers in the command ?Please give an
> example.

No

> 2) Can we add more than one rule in a single commandline?

No

> Is it never
> possible?

Use chains if your purpose is to add 2 rules at the same time to
make sure no packet arrives inbetween the addition of the rules.

> I know the case when hostnames resolve to multiple ip
> addresses,but here we are adding just one rule only.Can we add many
> rules in a single commandline?

Even when hostnames resolve to two addresses, iptables will
send two requests to the kernel, so there may a tiny delay
between the two.

> 3) In the case when hostnames resolve to multiple ip addresses ,are the
> rules that get formed always one after another in the iptable inside
> the kernel?

Yes, though the order in which they are inserted depends on
whether you used -A or -I.

> 4) The man page says that after the --sport one can specify a port
> number or a service name.What will happen if the service name resolves
> to multiple ports?Are many rules added in this case?

There should be only one port per protocol+service-name. If
there are multiple, I guess the first one is used (the one
returned by getservbyname(servicename, protocol).

--
Stéphane

jeniffer wrote:

> 4) The man page says that after the --sport one can specify a port
> number or a service name.What will happen if the service name resolves
> to multiple ports?Are many rules added in this case?
>

-m multiport --dports 25,465,993,995 ( 25 ports max if I remember )