def _weed_out_removes(line):
    # remove any rules or chains from the filter that were slated
    # for removal
    if line.startswith(':'):
        chain = line[1:]
        if chain in table.remove_chains:
            table.remove_chains.remove(chain)
            return False
    else:
        if line in table.remove_rules:
            table.remove_rules.remove(line)
            return False
    # Leave it alone
    return True
You can see that when the code gets the iptables rule name with “line[1:]”,
there is a count after the chain name, and the count value changes,
which invalidates the check.
2018-08-27 10:07:32.989 3258 INFO neutron.agent.linux.iptables_manager [-] --------------------_weed_out_removes rule: :neutron-vpn-agen-FORWARD
2018-08-27 10:07:32.990 3258 INFO neutron.agent.linux.iptables_manager [-] --------------------_weed_out_removes rule: :POSTROUTING ACCEPT [11:1184]
2018-08-27 10:07:32.990 3258 INFO neutron.agent.linux.iptables_manager [-] --------------------_weed_out_removes rule: :OUTPUT ACCEPT [11:1184]
2018-08-27 10:07:32.990 3258 INFO neutron.agent.linux.iptables_manager [-] --------------------_weed_out_removes rule: :FORWARD ACCEPT [0:0]
2018-08-27 10:07:32.990 3258 INFO neutron.agent.linux.iptables_manager [-] --------------------_weed_out_removes rule: :INPUT ACCEPT [1675:120600]
2018-08-27 10:07:32.991 3258 INFO neutron.agent.linux.iptables_manager [-] --------------------_weed_out_removes rule: :PREROUTING ACCEPT [1676:120664]
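Added example, not part of the original report and not neutron's own code: it runs the reported comparison and one possible counter-insensitive comparison over the same lines, so the leftover (never removed) chain is visible. The names chain_name, raw_tail, weed_out, SAMPLE, REMOVE_CHAINS and REMOVE_RULES are hypothetical, and the agent chain and rule lines in the sample are constructed.

```python
def chain_name(line):
    """Name from an iptables-save chain line ':NAME POLICY [pkts:bytes]'."""
    fields = line[1:].split()
    return fields[0] if line.startswith(':') and fields else None


def raw_tail(line):
    """Key used in the reported code: everything after ':', counters included."""
    return line[1:]


def weed_out(lines, remove_chains, remove_rules, chain_key):
    """Drop chains/rules slated for removal; return (kept, unmatched_chains)."""
    pending_chains, pending_rules = list(remove_chains), list(remove_rules)
    kept = []
    for line in lines:
        if line.startswith(':'):
            key = chain_key(line)
            if key in pending_chains:
                pending_chains.remove(key)
                continue
        elif line in pending_rules:
            pending_rules.remove(line)
            continue
        kept.append(line)
    return kept, pending_chains


# Constructed sample: built-in chains as in the log above, plus a constructed
# agent chain and rule; the counters differ on every iptables-save run.
SAMPLE = [
    ':INPUT ACCEPT [1675:120600]',
    ':FORWARD ACCEPT [0:0]',
    ':neutron-vpn-agen-FORWARD - [7:588]',
    '-A FORWARD -j neutron-vpn-agen-FORWARD',
]
REMOVE_CHAINS = ['neutron-vpn-agen-FORWARD']
REMOVE_RULES = ['-A FORWARD -j neutron-vpn-agen-FORWARD']

if __name__ == '__main__':
    for key in (raw_tail, chain_name):
        kept, unmatched = weed_out(SAMPLE, REMOVE_CHAINS, REMOVE_RULES, key)
        print(key.__name__, kept, 'unmatched:', unmatched)
```

With raw_tail the chain declaration survives while its jump rule is dropped, which is the stale-chain state a firewall audit should look for after an agent cleanup.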