How to Remove Rejected (!) Routes from Linux Routing Table: A Complete Guide for Network Troubleshooting



When working with Linux routing tables, you might encounter entries marked with "!" (rejected) or "!H" (host unreachable) flags. These routes automatically block traffic to specific destinations, often causing unexpected connectivity issues.

Here's a typical problematic routing table output:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.46.79   -               255.255.255.255 !H    2      -        0 -
10.1.0.0        -               255.255.0.0     !     2      -        0 -

The normal route del command often fails for rejected routes because:

  • The interface is specified as "-" (none)
  • The gateway is empty or marked as "-"
  • The flags combination makes them hard to match exactly

Here are three proven methods to remove these problematic routes:

Method 1: Using iproute2 (Recommended)

# For network rejections
sudo ip route del unreachable 10.1.0.0/16

# For host rejections
sudo ip route del unreachable 192.168.46.79/32

Method 2: Traditional route command with workaround

# First find the exact route metrics
route -n

# Then delete with metric specification
sudo route del -net 10.1.0.0 netmask 255.255.0.0 metric 2

Method 3: Flush all rejected routes (nuclear option)

# List all rejected routes
ip route show | grep "unreachable"

# Pipe to delete (use with caution)
# $line is left unquoted on purpose so it splits into separate arguments
ip route show | grep "unreachable" | while read -r line; do
    sudo ip route del $line
done
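
A dry-run alternative to the loop above, added here as an example (not part of the original guide): it reads `ip route show` output and prints the delete command for each unreachable route, tagged by whether another route to the same prefix exists, so the list can be reviewed before anything is removed. The function name, the tags and the sample table are constructed for illustration, and IPv4 output is assumed.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes IPv4 `ip route show` text.
# Prints, without executing, one delete command per unreachable route:
#   ... # dup   another route to the same prefix exists
#   ... # only  no other route; after deletion lookups fall through to a
#               less specific route (for example the default route)
plan_unreachable_removal() {
    awk '
    # Host routes are printed without a mask; add /32 so prefixes compare equal
    function norm(p) { return (index(p, "/") ? p : p "/32") }
    $1 == "unreachable" {
        n++; upfx[n] = norm($2); umet[n] = ""
        # Keep the metric so the delete matches the exact entry
        for (i = 3; i < NF; i++)
            if ($i == "metric") umet[n] = " metric " $(i + 1)
        next
    }
    # Other special route types do not forward traffic: not counted as live
    $1 == "blackhole" || $1 == "prohibit" || $1 == "throw" { next }
    NF { live[norm($1)] = 1 }
    END {
        for (i = 1; i <= n; i++)
            printf "ip route del unreachable %s%s  # %s\n", upfx[i], umet[i],
                   ((upfx[i] in live) ? "dup" : "only")
    }'
}

# Constructed sample table, modelled on the addresses used in this guide
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
10.1.0.0/16 dev ipsec0 scope link
unreachable 10.1.0.0/16 metric 2
unreachable 192.168.46.79 metric 2'

printf '%s\n' "$SAMPLE_ROUTES" | plan_unreachable_removal
# On a live host: ip route show | plan_unreachable_removal
```

Entries tagged "only" deserve a second look before deletion, because once the unreachable route is gone that destination is routed by whatever less specific route matches it.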

To prevent these routes from reappearing after reboot:

  1. Check your network manager configuration
  2. Review VPN client settings
  3. Examine /etc/network/interfaces or NetworkManager configs

When troubleshooting routing issues:

# Check route selection for specific destination
ip route get 10.1.1.1

# Monitor route changes in real-time
ip monitor route

When working with Linux routing tables, you might encounter special "rejected" routes marked with "!" in the flags column. These routes can cause unexpected routing behavior, particularly when they take precedence over valid routes to the same destination.

First, examine your routing table with:

route -n
# or alternatively:
ip route show

In your case, you're seeing duplicate entries for certain networks with the rejected route taking precedence:

192.168.46.79   *               255.255.255.255 UH    0      0        0 ipsec0
192.168.46.79   -               255.255.255.255 !H    2      -        0 -
10.1.0.0        *               255.255.0.0     U     0      0        0 ipsec0
10.1.0.0        -               255.255.0.0     !     2      -        0 -

These rejected routes are often automatically generated by VPN software or routing daemons to prevent routing loops or enforce policy routing. The "!" flag indicates that packets matching this route should be rejected with an ICMP unreachable message.

To remove these problematic routes, use one of these methods:

Method 1: Using the route command

sudo route del -net 10.1.0.0 netmask 255.255.0.0 reject
sudo route del -host 192.168.46.79 reject

Method 2: Using iproute2 (preferred)

# iproute2 has no "reject" keyword; reject routes are of type "unreachable"
sudo ip route del unreachable 10.1.0.0/16
sudo ip route del unreachable 192.168.46.79/32

Method 3: Preventing re-creation

To prevent these routes from being recreated, you may need to:

# For OpenVPN (rp_filter=2 switches reverse-path filtering to loose mode):
sudo sysctl -w net.ipv4.conf.all.rp_filter=2

# For IPsec: edit your ipsec.conf to adjust routing policies

After removal, verify with:

ip route show | grep unreachable
# or
route -n | grep "!"

You should no longer see the rejected routes for these destinations.

For a persistent solution across reboots, create a network script:

#!/bin/bash
# /etc/network/if-up.d/remove_rejected_routes

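# "|| true" keeps the hook from failing when a route is already absent
ip route del unreachable 10.1.0.0/16 2>/dev/null || true
ip route del unreachable 192.168.46.79/32 2>/dev/null || true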

Make it executable:

sudo chmod +x /etc/network/if-up.d/remove_rejected_routes

If routes keep reappearing:

  • Check VPN client configuration
  • Examine network manager settings
  • Look for routing daemons (zebra, quagga, etc.)
  • Inspect kernel routing tables with "ip route show table all"