Bobcares

Iptables index of deletion too big – How we resolve it?

by | Oct 26, 2019

iptables: Index of deletion too big.

Confused about why your iptables rule deletion ends up in this error message?

Usually, deleting an iptables rule shows this error because the table name is not specified or the rule is at an inaccessible position.

At Bobcares, we get many requests to fix iptables errors as part of our Server Management Services.

Today, let’s see how our Support Engineers fix this error.

What is iptables?

Iptables is the firewall utility built into Linux systems. It holds rules for securing the system, and these apply to both incoming and outgoing connections.

Mostly, we use iptables to manage packet filtering. It allows us to block connections from IPs, ports, etc. Hence iptables makes the system less vulnerable to attacks.

But improper execution of commands often ends up in errors. One such error message is ‘Index of deletion too big’.

Even though the error message says nothing specific, our Support Engineers are used to fixing it.

Before getting deeper into the error, let’s have a look into packet filtering in iptables.

Iptables has tables, which in turn contain chains. A few main tables in use are:

  • filter – The default table that handles network packets.
  • nat – It alters packets that create a new connection.
  • mangle – This table is for specific types of packet alteration.

Each of these tables has built-in chains corresponding to its actions. For example, the filter table has INPUT, OUTPUT, and FORWARD.

Similarly, the nat table has PREROUTING, OUTPUT, and POSTROUTING, and so on.

What results in the error: index of deletion too big?

Consider the rule to accept input connections to port 80.

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

This allows incoming connections to port 80. Now, to delete this, we use:

iptables -D INPUT -p tcp --dport 80 -j ACCEPT

But this command deletes the rule only if it belongs to the default filter table.

Similarly, we can delete iptables rules by specifying the line number. That is, we first list the rules using the option --line-numbers.

This lists the rules in the specified chain with their line numbers. Thereafter we use the delete command.

iptables -D <chain-name> <line-number>

But in many cases, these delete commands end up in errors, because without a table name the -D option looks for the match in the default table only.

If the user is trying to remove a rule in a specific table, iptables still looks in the default table, so the above commands cannot find a match. This results in the error.

In short, the error means that you’re trying to delete the rule at a position that doesn’t exist in the table.

Fix for the error: index of deletion too big.

Our customers often approach us with this error. When our Support Engineers check the reason, it’s mostly due to an unspecified table name.

Hence, while deleting rules in a specific table, we mention the table name. The command usage is:

iptables -t <table-name> -D <chain-name> <line-number>

And this ensures removal of the specified rule.

For example, suppose there is the following rule on the server.

Chain PREROUTING (policy ACCEPT 5207 packets, 301K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            6x.yy.14.xx          tcp dpt:80 to:1xx.40.yy.149:80

To delete it, we use the command:

iptables -t nat -D PREROUTING 1

This effectively removes the rule from iptables. Similarly, we can also get rid of the rule by finding the line number and then removing it with:

csf -dr IPaddress

Here, we replace IPaddress with the specific IP.
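
One way to check, before deleting, which table actually holds rule N of a chain (an added example, not Bobcares' own script). It reads iptables-save output on stdin; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format; 192.0.2.10 is a documentation address.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# rule_count TABLE CHAIN: count the rules of CHAIN in TABLE (dump on stdin).
rule_count() {
    awk -v t="$1" -v c="$2" '
        /^\*/ { cur = substr($0, 2) }            # "*nat" opens the nat section
        cur == t && $1 == "-A" && $2 == c { n++ }
        END { print n + 0 }'
}

# tables_with_index CHAIN INDEX: tables whose CHAIN has a rule at INDEX.
tables_with_index() {
    awk -v c="$1" -v i="$2" '
        /^\*/ { cur = substr($0, 2) }
        $1 == "-A" && $2 == c { n[cur]++ }
        END { for (t in n) if (n[t] >= i) print t }'
}

# delete_cmd TABLE CHAIN INDEX: print the delete command only if the rule exists.
delete_cmd() {
    dump=$(cat)
    case "$3" in ''|*[!0-9]*) echo "index must be a number" >&2; return 2 ;; esac
    n=$(printf '%s\n' "$dump" | rule_count "$1" "$2")
    if [ "$3" -ge 1 ] && [ "$3" -le "$n" ]; then
        echo "iptables -t $1 -D $2 $3"
        return 0
    fi
    echo "no rule $3 in $1/$2 ($n rules); found in table(s):" \
        "$(printf '%s\n' "$dump" | tables_with_index "$2" "$3" | tr '\n' ' ')" >&2
    return 1
}

# On a live server (as root): iptables-save | delete_cmd nat PREROUTING 1
printf '%s\n' "$SAMPLE_DUMP" | delete_cmd nat PREROUTING 1
```

Rule numbers shift up after every deletion, so list the chain again before removing the next rule by number.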


Conclusion

In short, the iptables ‘index of deletion too big’ error appears when a user removes a rule from a table. Usually, it happens when the user does not specify the table name. Today, we saw how our Support Engineers fix this error for our customers.
