Hi,

I have been trying to remove the extra rules from my routing tables, however with no luck. Also, I want to know: do these duplicate entries have an effect on packets being routed?

I have this overwhelming rules list from my predecessor, who added the "ip rule add fwmark" entries in the firewall script, and each run of the firewall script creates an extra entry in the routing table. Now I want to get rid of the extra "from all fwmark 0x2 lookup squid.out" entries, leaving only the one that I need.

Here is the output of "ip rule ls":

    0: from all lookup local
    32742: from all fwmark 0x2 lookup squid.out
    32743: from all fwmark 0x2 lookup squid.out
    32744: from all fwmark 0x2 lookup squid.out
    32745: from all fwmark 0x2 lookup squid.out
    32746: from all fwmark 0x2 lookup squid.out
    32747: from all fwmark 0x2 lookup squid.out
    32748: from all fwmark 0x2 lookup squid.out
    32749: from all fwmark 0x2 lookup squid.out
    32750: from all fwmark 0x2 lookup squid.out
    32751: from all fwmark 0x2 lookup squid.out
    32752: from all fwmark 0x2 lookup squid.out
    32753: from all fwmark 0x2 lookup squid.out
    32754: from all fwmark 0x2 lookup squid.out
    32755: from all fwmark 0x2 lookup squid.out
    32756: from all fwmark 0x2 lookup squid.out
    32757: from all fwmark 0x2 lookup squid.out
    32758: from all fwmark 0x2 lookup squid.out
    32759: from all fwmark 0x2 lookup squid.out
    32760: from all fwmark 0x2 lookup squid.out
    32761: from all fwmark 0x2 lookup squid.out
    32762: from all fwmark 0x2 lookup squid.out
    32763: from all fwmark 0x2 lookup squid.out
    32764: from all fwmark 0x2 lookup squid.out
    32765: from all fwmark 0x2 lookup squid.out
    32766: from all lookup main
    32767: from all lookup 253

regards

--
(after bouncing head on desk for days trying to get mine working, I'll make your life a little easier)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I've had the same problem. I sorta wish there was an "ip rule flush" command that would leave only the default rules.

Anyway, what I do to prevent my rules from getting out of hand is every time I add a rule, I first delete the very same rule. This prevents the duplicates, at least. So every place in my script that I might have:

    IP RULE ADD <some rule>

I place before it:

    IP RULE DEL <some rule>

Works for me.

----- Original Message -----
From: "Askar" <askarali@gmail.com>
To: <lartc@mailman.ds9a.nl>
Sent: Tuesday, November 23, 2004 4:57 AM
Subject: [LARTC] how to remove rules

Hello all!

 : I've had the same problem. I sorta wish there was an "ip rule flush"
 : command that would leave only the default rules.

I have a function called "flush" which flushes all tables and all rules other than the main routing table. Here's the "rule" flush portion. It won't win any points for elegance, but it should get the job done:

    # Skip the three default rules (priorities 0, 32766, 32767), then delete
    # every remaining rule by priority and selector, passing "all" as 0/0.
    ip rule show | grep -Ev '^(0|32766|32767):' \
      | while read PRIO RULE; do
        ip rule del prio ${PRIO%%:*} $( echo $RULE | sed 's|all|0/0|' )
      done

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

Cool, thanks. I've never been too good at "complex" scripting myself (I have a mental block of seeing all complex scripting as inelegant and sub-optimal by nature, so I understand your comment about "inelegance"), but I see exactly what you're doing, and it seems about as elegant as possible with a script. Very nice. That goes right into my routing script.

Chris

----- Original Message -----
From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: "Chris Bennett" <chris@symbio.com>
Cc: <lartc@mailman.ds9a.nl>
Sent: Tuesday, November 23, 2004 1:30 PM
Subject: Re: [LARTC] how to remove rules

Hi,

> : I've had the same problem. I sorta wish there was an "ip rule flush"
> : command that would leave only the default rules.

Would be nice.

> I have a function called "flush" which flushes all tables and all rules
> other than the main routing table. Here's the "rule" flush portion. It
> won't win any points for elegance, but it should get the job done:
>
>     ip rule show | grep -Ev '^(0|32766|32767):' \
>       | while read PRIO RULE; do
>         ip rule del prio ${PRIO%%:*} $( echo $RULE | sed 's|all|0/0|' )
>       done

This is what I've used in my iproute2 shell library package, maybe it's a bit more elegant (only one fork involved). Since we change our local, main and default table in our distro to different values I've added a KEEP variable. Prepend it to adjust to your settings.

    # bash only: uses ${var//pattern/replacement} and process substitution.
    # Tables named in KEEP are left alone; every other rule is deleted.
    : ${KEEP:="local main default"}
    while read prio rule; do
        continue=0
        for keep in ${KEEP}; do
            # rule text changes when "lookup <keep>" is stripped => it references a kept table
            if [ "${rule//lookup ${keep}/}" != "${rule}" ]; then
                continue=1
            fi
        done
        if [ ${continue} -eq 0 ]; then
            ip rule del prio ${prio%%:*} ${rule//all/0/0}
        fi
    done < <(ip rule show)

Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
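
Added example, not part of any post in the thread: the replies either delete-before-add or flush every non-default rule, while the first post asks to drop only the extra copies and keep one. This sketch reads "ip rule show" output and prints the "ip rule del" commands for the duplicates without running them; the function names and the sample listing are constructed here.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ip rule show` output on stdin and
# prints one `ip rule del` command per duplicate rule. Nothing is deleted here.
dedupe_rule_cmds() {
    awk '
    {
        prio = $1; sub(/:$/, "", prio)            # "32742:" -> "32742"
        sel = $0;  sub(/^[0-9]+:[ \t]*/, "", sel) # rule text without its priority
        if (seen[sel]++) {                        # identical rule text already kept once
            sub(/^from all /, "from 0/0 ", sel)   # same all -> 0/0 rewrite the thread uses
            print "ip rule del prio " prio " " sel
        }
    }'
}

# Constructed sample, modelled on the listing in the first post (shortened).
sample_rules() {
    cat <<'EOF'
0: from all lookup local
32763: from all fwmark 0x2 lookup squid.out
32764: from all fwmark 0x2 lookup squid.out
32765: from all fwmark 0x2 lookup squid.out
32766: from all lookup main
32767: from all lookup 253
EOF
}

# Dry run on the sample. On a live system, review the output of
#   ip rule show | dedupe_rule_cmds
# before piping it to sh as root.
sample_rules | dedupe_rule_cmds
```

The first copy of each rule (lowest priority number) is kept, and the default rules are never touched because they appear only once.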