iptables
 

I wish to query if it would be advisable to flush my current iptables configuration which was configured automatically during the installation of Linux. The reason I wish to flush is

1) Start anew
2) Learn how to write iptables

I understand from the man pages I can save my current configuration by issuing the command iptables-save however am unsure how to use it should the need arise to restore it. I appreciate any advice.

On RedHat/Fedora, iptables rules are saved in /etc/sysconfig/iptables. You can rename this to iptables.old.

After this you can restart your iptables. This will prevent the rules created by RedHat install from loading at boot.

If your system is connected to the internet, please disconnect before you turn iptables off.

You can use it like these:

For backing up rules
#iptables-save > iptables.backup

and restoring them
#iptables-restore < iptables.backup

Hope these helps.

Thanks guys. ppuru, your advice was helpful unfortunately I have stopped using Red Hat 9 and opted a distribution with the latest kernel and stock security.

create iptables
 

I just flushed my iptables and am starting a new. Now if I wish to block all output my understanding of writing iptables is

iptables -A OUTPUT -p all -i eth0 -j DROP

Would this be correct?

Obie

We could have continued this discussion on your earlier post at

http://www.linuxquestions.org/questi...hreadid=215674

sorry ppuru as I thought my question had been answered, I should start a new thread. I do apologise. If the moderators could somehow merge them I would be happy to continue from where I left off.

Meanwhile, I came across this script:
# Iptables firewall reset script
*filter
:INPUT ACCEPT [164:15203]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [147:63028]
COMMIT

*mangle
:PREROUTING ACCEPT [164:15203]
:INPUT ACCEPT [164:15203]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [147:63028]
:POSTROUTING ACCEPT [147:63028]
COMMIT

*nat
:PREROUTING ACCEPT [14:672]
:POSTROUTING ACCEPT [9:684]
:OUTPUT ACCEPT [9:684]
COMMIT

What does the numbers e.g. [164:15203] represent?

the packets and bytes that these rules have handled...

ppuru,

sorry I don't follow. Would you mind giving an example and also what would happen if it was simply [0:0]

Also I noticed although I flushed my iptables i.e. iptables --flush it still has Chain INPUT (policy drop) rather than Chain INPUT (policy ACCEPT) Why is that?

try iptables -Z. this will set the counters to [0:0].

When you flush only the rules will be cleaned but global policy will remain same. To change them use the command

Also a descriptive part from the man page of iptables:

Done :)

Capt_Caveman,

Sweet. I didn't know merging them would be possible but thank you.

ppuru,

I still don't follow what the numbers represent and how they work

-----------------------------------------------------------------
ppuru's quote:
try iptables -Z. this will set the counters to [0:0]
-----------------------------------------------------------------

barisdemiray,

Thank you for providing an example however I wish to understand when does it change to drop from accept and vice versa

-----------------------------------------------------------------
barisdemiray's quote:
When you flush only the rules will be cleaned but global policy will remain same. To change them use the command
iptables -P INPUT ACCEPT
-----------------------------------------------------------------

Another query,

What does -I INPUT do exactly. I understand what -A(APPEND), -D(DELETE) and -R(REPLACE) do but still don't quite follow -I? Also whenever a guide for example refers to say "slot 3" does it mean the third line within say the INPUT chain?