2022-07-15 12:40 UTC
  • Xyne


Description: Idempotent iptables wrapper for appending and deleting rules.
Latest Version: 2012
Source Code: src/
  • any
  • iptables
Arch Repositories:
  • [xyne-any]
  • [xyne-i686]
  • [xyne-x86_64]
AUR Page: idemptables
Arch Forum Thread: 155295

Help Message

$ idemptables --help

This is a wrapper around iptables for appending and deleting rules. It will
check for an existing matching rule when appending a rule to prevent duplicates
and it will remove all matching rules when deleting a rule. It is intended for
scripts that dynamically configure the firewall and which should be idempotent,
i.e. subsequent invocations should not further alter the rules once they have
been created. This prevents clutter in Netfilter if the script is rerun after an
unexpected exit.


    /usr/bin/idemptables <iptables args>

iptables v1.8.8 (legacy)

Usage: iptables -[ACD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]
       iptables -R chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LS] [chain [rulenum]] [options]
       iptables -[FZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Either long or short options are allowed.
  --append  -A chain        Append to chain
  --check   -C chain        Check for the existence of a rule
  --delete  -D chain        Delete matching rule from chain
  --delete  -D chain rulenum
                Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
                Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
                Replace rule rulenum (1 = first) in chain
  --list    -L [chain [rulenum]]
                List the rules in a chain or all chains
  --list-rules -S [chain [rulenum]]
                Print the rules in a chain or all chains
  --flush   -F [chain]      Delete all rules in  chain or all chains
  --zero    -Z [chain [rulenum]]
                Zero counters in chain or all chains
  --new     -N chain        Create a new user-defined chain
            -X [chain]      Delete a user-defined chain
  --policy  -P chain target
                Change policy on chain to target
            -E old-chain new-chain
                Change chain name, (moving any references)

    --ipv4  -4      Nothing (line is ignored by ip6tables-restore)
    --ipv6  -6      Error (line is ignored by iptables-restore)
[!] --protocol  -p proto    protocol: by number or name, eg. `tcp'
[!] --source    -s address[/mask][...]
                source specification
[!] --destination -d address[/mask][...]
                destination specification
[!] --in-interface -i input name[+]
                network interface name ([+] for wildcard)
 --jump -j target
                target for rule (may load target extension)
  --goto      -g chain
                   jump to chain with no return
  --match   -m match
                extended match (may load extension)
  --numeric -n      numeric output of addresses and ports
[!] --out-interface -o output name[+]
                network interface name ([+] for wildcard)
  --table   -t table    table to manipulate (default: `filter')
  --verbose -v      verbose mode
  --wait    -w [seconds]    maximum wait to acquire xtables lock before give up
  --line-numbers        print line numbers when listing
  --exact   -x      expand numbers (display exact values)
[!] --fragment  -f      match second or further fragments only
  --modprobe=<command>      try to insert modules using this command
  --set-counters -c PKTS BYTES  set the counter during insert/append
[!] --version   -V      print package version.
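
The check-before-append and delete-until-gone behaviour described in the help text can be written as a small POSIX shell function around iptables -C. This is an added example, not idemptables' own source; the names idem, run_with and the IPTABLES override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not idemptables' source. IPTABLES is an assumed override so
# the logic can be run against a stub; it defaults to the real binary.
: "${IPTABLES:=iptables}"

# run_with FLAG ARGS...: run iptables with the first -A/-D (or long form)
# in ARGS replaced by FLAG, leaving every other argument untouched.
run_with() {
    flag=$1; shift
    n=$#; swapped=
    while [ "$n" -gt 0 ]; do          # rotate the list once, in order
        arg=$1; shift; n=$((n - 1))
        if [ -z "$swapped" ]; then
            case $arg in
                -A|--append|-D|--delete) arg=$flag; swapped=1 ;;
            esac
        fi
        set -- "$@" "$arg"
    done
    "$IPTABLES" "$@"
}

# idem ARGS...: same arguments as iptables -A / -D, but safe to repeat.
idem() {
    action=
    for a in "$@"; do
        case $a in
            -A|--append) action=append; break ;;
            -D|--delete) action=delete; break ;;
        esac
    done
    case $action in
        append)
            # -C exits 0 only if an identical rule exists; append otherwise.
            run_with -C "$@" 2>/dev/null || run_with -A "$@"
            ;;
        delete)
            # -D removes one match per call, so loop until -C finds none.
            while run_with -C "$@" 2>/dev/null; do
                run_with -D "$@" || return 1
            done
            ;;
        *)
            # Assumption of this example: other commands pass through as-is.
            "$IPTABLES" "$@"
            ;;
    esac
}

# Usage (needs root): idem -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```

The check and the append are separate iptables invocations, so two scripts racing on the same rule can still both append it; serialise callers if that matters.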