Date: Thu, 28 Apr 2005 13:20:45 +1000
From: Herbert Xu
To: jamal
Cc: "David S. Miller", netdev@oss.sgi.com
Subject: Re: patch: policy update by id

On Wed, Apr 27, 2005 at 11:16:00PM -0400, jamal wrote:
> On Thu, 2005-28-04 at 12:56 +1000, Herbert Xu wrote:
>
> > Well netfilter certainly follows this scheme:
> >
> > $ iptables -I INPUT -s 3.3.3.3 -d 4.4.4.4 -j ACCEPT
> > $ iptables -I INPUT -s 3.3.3.3 -d 4.4.4.4 -j ACCEPT
> > $ iptables -v -L INPUT -n
> > Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> >  pkts bytes target     prot opt in     out     source               destination
> >     0     0 ACCEPT     all  --  *      *       3.3.3.3              4.4.4.4
> >     0     0 ACCEPT     all  --  *      *       3.3.3.3              4.4.4.4
>
> Which is bizarre to say the least. If you delete, only the first one gets
> deleted.

It isn't that strange. It's also done using indices except that the
indices aren't fixed. To delete the second rule you would say

iptables -D INPUT 2

--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~}
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt