iptables: Index of deletion too big.
Confused about why your iptables rule deletion ends up in this error message?
Usually, the iptables delete command fails with this error because the table name was not specified, or because the rule position given does not exist in the chain.
At Bobcares, we get many requests to fix iptables errors, as a part of our Server Management Services.
Today, let’s see how our Support Engineers fix this error.
What is iptables?
Iptables is the firewall utility built into Linux systems. It holds the rules that secure the system, and these apply to both incoming and outgoing connections.
Mostly, we use iptables to manage packet filtering. It allows us to block connections from specific IPs, ports, and so on. Hence iptables makes the system less exposed to attacks.
But improper execution of commands often ends up in errors. One such error message is ‘Index of deletion too big’.
Even though the error message says nothing specific, our Support Engineers know how to fix it.
Before getting deeper into the error, let’s have a look into packet filtering in iptables.
Iptables has tables, which in turn contain chains. A few main tables in use are:
filter – The default table, which handles network packets.
nat – It alters packets that create a new connection.
mangle – This table is for specific types of packet alteration.
Each of these tables has built-in chains corresponding to its action, for example INPUT, OUTPUT, and FORWARD in the filter table.
Similarly, PREROUTING, OUTPUT, and POSTROUTING in the nat table, and so on.
What results in the error: index of deletion too big?
Consider the rule to accept incoming connections to port 80.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
This allows incoming connections to port 80. Now, to delete it we use,
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
But this command only deletes the rule if it belongs to the default filter table.
Similarly, we can delete iptables rules by specifying the line number. That is, first we list the rules using the option --line-numbers.
This lists the rules in the specified chain with their line numbers. Thereafter we use the delete command.
iptables -D <chain-name> <line-number>
But in many cases, these delete commands end up in errors, because without a table name the -D option only looks in the default filter table.
If the user is trying to remove a rule in a different table, iptables still looks for it in the default table. The above commands cannot find a match, and this results in the error.
In short, the error means that you’re trying to delete a rule at a position that doesn’t exist in the table iptables looked at.
Fix for the error: index of deletion too big.
Our customers often approach us with this error. When our Support Engineers check the reason, it’s mostly due to an unspecified table name.
Hence, while deleting rules in a specific table, we mention the table name. The command usage is,
iptables -t <table-name> -D <chain-name> <line-number>
And this ensures removal of the specified rule.
For example, suppose there is the following rule on the server, in the PREROUTING chain of the nat table.
Chain PREROUTING (policy ACCEPT 5207 packets, 301K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DNAT tcp -- eth0 * 0.0.0.0/0 6x.yy.14.xx tcp dpt:80 to:1xx.40.yy.149:80
To delete it, we use the command:
iptables -t nat -D PREROUTING 1
This effectively removes the rule from iptables. Similarly, on servers running CSF, we can also get rid of a rule by finding it and then removing it with
csf -dr IPaddress
Here, we replace IPaddress with the specific IP.
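As an added example, not part of the original article, the following POSIX shell script shows the check we would run before deleting by index: it parses a listing of the form produced by iptables -t <table> -L <chain> -n --line-numbers, confirms that the requested index actually exists in that chain, and only then builds the delete command with -t made explicit. The two listings embedded in the script are constructed sample output modelled on the PREROUTING rule above (with documentation addresses in place of the real ones), and the function names are our own, not part of iptables.

```shell
#!/bin/sh
# Added example: pre-flight check for "iptables -t TABLE -D CHAIN INDEX".
# The index given to -D is a position within one chain of one table, so the
# same number means a different rule (or no rule at all) in another table.

# Constructed sample of `iptables -t nat -L PREROUTING -n --line-numbers`,
# modelled on the DNAT rule in the article, with RFC 5737 documentation addresses.
SAMPLE_NAT_PREROUTING='Chain PREROUTING (policy ACCEPT 5207 packets, 301K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            192.0.2.10           tcp dpt:80 to:198.51.100.20:80
2        0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 redir ports 80'

# Constructed sample of `iptables -L INPUT -n --line-numbers` (filter table, one rule).
SAMPLE_FILTER_INPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80'

# count_rules LISTING: number of numbered rule lines in a --line-numbers listing.
count_rules() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ { n++ } END { print n + 0 }'
}

# index_exists LISTING INDEX: succeed only if INDEX names a rule in the listing.
# An index larger than the rule count is exactly the situation iptables
# reports as "Index of deletion too big".
index_exists() {
    total=$(count_rules "$1")
    if [ "$2" -ge 1 ] && [ "$2" -le "$total" ]; then
        return 0
    fi
    return 1
}

# delete_cmd TABLE CHAIN INDEX: print the delete command with the table explicit.
delete_cmd() {
    printf 'iptables -t %s -D %s %s\n' "$1" "$2" "$3"
}

# safe_delete TABLE CHAIN INDEX: list the chain in the named table, check the
# index, and run the delete only if it exists. Needs root and a real iptables,
# so the demonstration below does not call it.
safe_delete() {
    table=$1; chain=$2; idx=$3
    listing=$(iptables -t "$table" -L "$chain" -n --line-numbers) || return 1
    if index_exists "$listing" "$idx"; then
        iptables -t "$table" -D "$chain" "$idx"
    else
        echo "no rule $idx in chain $chain of table $table (it has $(count_rules "$listing") rules)" >&2
        return 1
    fi
}

# Demonstration on the constructed listings.
if index_exists "$SAMPLE_NAT_PREROUTING" 1; then
    delete_cmd nat PREROUTING 1
fi
# Rule 2 exists in nat/PREROUTING but not in filter/INPUT: leaving out -t nat
# makes iptables look in filter, where the index is too big.
index_exists "$SAMPLE_FILTER_INPUT" 2 || echo "filter/INPUT has no rule 2: specify -t nat" >&2
```

Running the script as-is prints the delete command for the nat rule and a warning for the filter lookup; on a live server, safe_delete does the same check against the real listing before touching the rule.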
Conclusion
In short, iptables index of deletion too big is an error message shown while a user removes a rule from a table. Usually, it happens when the user does not specify the table name. Today, we saw how our Support Engineers fix this error for our customers.