Typically I'm using MikroTik embeded routers, they're basing on Linux so their firewall settings feel pretty much 1:1 the same as iptables, just commands are a bit different but mechanics the same. Some more advance MTK firewall functionality with raw iptables can be achieved using -m extensions - like connection states or comments for example.
I can't find disable option in raw iptables. Is there any iptables extension that allows to temporarily disable iptables rules?
By temporarily I mean disabling rule without actually removing it from table so that it's still visible in iptables -L but not functional. In MTK you can type something like set 40 disabled=yes and then later set 40 disabled=no
1 Answer
You can't do this in raw iptables. You can only add/delete/modify rule.
You can achieve similar functionality by changing target of rule to nothing (don't specify -j). But to do this, you must write again the whole rule and new rule still will be processed (matched; but no action will be done).
