Firewall.local and custom rules

Hi,

I try to block access to the IPFire web UI for a network, but after I had the start rule and the stop rule in the right position, I get this message on start:

iptables: Bad rule (does a matching rule exist in that chain?

After boot, I try to add and remove the same rule manually with a shell command and it works manually.

Start rule

iptables -A CUSTOMINPUT -s 192.168.1.0/24 -p tcp -d 192.168.1.1 --dport 444 -j DROP

Stop rule

iptables -D CUSTOMINPUT -s 192.168.1.0/24 -p tcp -d 192.168.1.1 --dport 444 -j DROP

I don’t understand, because this is the first custom rule I try to add. I know I can add rules with the web UI, but I want to understand how IPFire works.

Thanks for the help

Is the bad rule message only on boot? I am guessing that during a boot there is a firewall.local stop and then a start (or a firewall.local reload).

If it does the stop first, then there is nothing to delete since the rule doesn’t exist (yet).

As a possibility, you could check to see if the rule exists first with iptables -C. If it does exist, then delete it (iptables -D).

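The check-then-act pattern from the reply above, written out as an added example (this is not IPFire's shipped firewall.local, just a start/stop script in the same spirit). It uses the exact rule from the question and assumes only that `iptables` is on the PATH and the CUSTOMINPUT chain exists; the stop path tolerates the rule being absent, which is what happens when stop runs before start at boot, and the start path tolerates a repeated start without duplicating the rule.

```shell
#!/bin/sh
# Added example, not IPFire's own firewall.local: idempotent start/stop
# helpers for one custom rule. Assumes iptables is on the PATH and the
# CUSTOMINPUT chain already exists (IPFire creates it).

CHAIN="CUSTOMINPUT"
# Match spec shared by -A, -D and -C, so all three refer to the same rule.
RULE="-s 192.168.1.0/24 -p tcp -d 192.168.1.1 --dport 444 -j DROP"

# rule_present: exit 0 if the rule is already in the chain.
# iptables -C exits non-zero (printing "Bad rule ...") when it is not.
rule_present() {
    # $RULE is intentionally unquoted so it splits into separate arguments.
    iptables -C "$CHAIN" $RULE >/dev/null 2>&1
}

# add_rule: append only if absent, so a repeated "start" adds no duplicate.
add_rule() {
    if rule_present; then
        echo "rule already in $CHAIN, nothing to do"
        return 0
    fi
    iptables -A "$CHAIN" $RULE
}

# del_rule: delete only if present. At boot, "stop" can run before "start"
# ever added the rule; deleting blindly is what produced the error message.
del_rule() {
    if ! rule_present; then
        echo "rule not in $CHAIN, nothing to delete"
        return 0
    fi
    iptables -D "$CHAIN" $RULE
}

case "${1:-}" in
    start)  add_rule ;;
    stop)   del_rule ;;
    reload) del_rule; add_rule ;;
    "")     ;;   # no argument: define the functions only (e.g. when sourced)
    *)      echo "usage: $0 {start|stop|reload}" >&2; exit 1 ;;
esac
```

Run it as `./custom-rule.sh stop` followed by `./custom-rule.sh start`, in either order, and neither call fails; `iptables -S CUSTOMINPUT` afterwards shows the rule exactly once.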

Thanks for your answer, yes exactly. Finally this is not a problem: it tries to delete a non-existent rule.