author | Florian Westphal <fw@strlen.de> | 2021-08-14 19:46:43 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2021-09-07 14:16:07 +0200 |
commit | 61e85e3192deaff3b9dd1eb9270863acc7a26311 (patch) | |
tree | 2f5d28c03235d25b2cef5f1e0f64b928ed551c5f /iptables/iptables.8.in | |
parent | 544e7dc1541e4db3abc9896ff757e7642c97738e (diff) |
iptables-nft: allow removal of empty builtin chains
The only reason why this is prohibited is that you cannot do it
in iptables-legacy.
This removes the artificial limitation.
"iptables-nft -X" will leave the builtin chains alone;
Also, deletion is only permitted if the chain is empty.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/iptables.8.in')
-rw-r--r-- | iptables/iptables.8.in | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in index 999cf339..759ec54f 100644 --- a/iptables/iptables.8.in +++ b/iptables/iptables.8.in @@ -25,10 +25,10 @@ .SH NAME iptables/ip6tables \(em administration tool for IPv4/IPv6 packet filtering and NAT .SH SYNOPSIS -\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-C\fP|\fB\-D\fP} +\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-C\fP|\fB\-D\fP|\fB-V\fP} \fIchain\fP \fIrule-specification\fP .P -\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-C\fP|\fB\-D\fP} +\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-C\fP|\fB\-D\fP|\fB-V\fP} \fIchain rule-specification\fP .PP \fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP] \fIrule-specification\fP @@ -220,11 +220,11 @@ Create a new user-defined chain by the given name. There must be no target of that name already. .TP \fB\-X\fP, \fB\-\-delete\-chain\fP [\fIchain\fP] -Delete the optional user-defined chain specified. There must be no references +Delete the chain specified. There must be no references to the chain. If there are, you must delete or replace the referring rules before the chain can be deleted. The chain must be empty, i.e. not contain -any rules. If no argument is given, it will attempt to delete every -non-builtin chain in the table. +any rules. If no argument is given, it will delete all empty chains in the +table. Empty builtin chains can only be deleted with \fBiptables-nft\fP. .TP \fB\-P\fP, \fB\-\-policy\fP \fIchain target\fP Set the policy for the built-in (non-user-defined) chain to the given target. 
@@ -362,6 +362,9 @@ For appending, insertion, deletion and replacement, this causes detailed information on the rule or rules to be printed. \fB\-v\fP may be specified multiple times to possibly emit more detailed debug statements. .TP +\fB\-V\fP, \fB\-\-version\fP +Show program version and the kernel API used. +.TP \fB\-w\fP, \fB\-\-wait\fP [\fIseconds\fP] Wait for the xtables lock. To prevent multiple instances of the program from running concurrently, |
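Review bot: in the SYNOPSIS hunk (@@ -25,10 +25,10 @@), \fB-V\fP is added inside the {\-A|\-C|\-D} alternation, which is followed by \fIchain\fP \fIrule-specification\fP, so both the iptables and ip6tables lines now read as if "-V chain rule-specification" were a valid invocation. The \-V entry added later in this patch takes no arguments, so it should get its own synopsis line rather than join this group. The hyphen is also unescaped here (\fB-V\fP), while every neighbouring option in these lines is written in the \fB\-A\fP style.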
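Review bot: in the \-X hunk (@@ -220,11 +220,11 @@), the new sentence "If no argument is given, it will delete all empty chains in the table" contradicts the commit message, which states that "iptables-nft -X" will leave the builtin chains alone. A reader of the man page alone would conclude that a bare \-X also removes empty builtin chains. Suggest keeping the no-argument case scoped, for example "it will delete all empty user-defined chains in the table", and stating that a builtin chain is only removed when named explicitly. Since the \-P paragraph directly below describes the policy of built-in chains, it would also help to document what happens to that policy when an empty builtin chain is deleted.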
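Review bot: the \fB\-V\fP, \fB\-\-version\fP entry added in the last hunk (@@ -362,6 +362,9 @@) is not covered by the commit message, which only describes removal of empty builtin chains. Either split the \-V documentation (this hunk plus the SYNOPSIS change) into its own commit or mention it in the message. "Show program version and the kernel API used" is also vague: the \-X text in this same patch now depends on whether the binary is \fBiptables-nft\fP, so this entry should say what the "kernel API" part of the output looks like so that a reader can tell which variant they are running.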