iptables -F & iptables -X good enough *for all* tables/chains?
Mon, 24 Jun 2002 12:57:13 -0700
Thanks for the reply. I can accept that -F is necessary
*for every single table separately*.
User defined chains are *not* tied to specific tables
as far as I can tell. Is there any value in doing
iptables -t nat -X
iptables -t mangle -X
iptables -t filter -X
rather than just iptables -X???
Linux Firewalls book has the three line method instead of iptables -X.
On Mon, Jun 24, 2002 at 02:47:50PM -0400, Ed Street wrote:
> Well first off the regular expression of Iptables -F will NOT flush the
> specific tables i.e. nat/mangle/filter. However, if you are NOT using
> those tables it's pointless to -F as there's nothing there. In general
> it's a good idea and a good habit to get into using.
> To test your theory you need some rules in any of those three tables.
> Do the iptables -F and then run iptables -t nat -L -n you will see the
> rules are still there.
> -----Original Message-----
> From: firstname.lastname@example.org
> [mailto:email@example.com] On Behalf Of Christian Seberino
> Sent: Monday, June 24, 2002 2:41 PM
> To: firstname.lastname@example.org
> Subject: iptables -F & iptables -X good enough *for all* tables/chains?
> iptables -F
> iptables -X
> These simple 2 lines seem good enough to
> nuke *all* rules and *all* user defined chains.....
> Yet, in print (like Linux Firewalls book) I often
> see people wanting to apply -F and -X to
> *every single table one by one*
> (e.g. iptables -t nat -F
> iptables -t filter -F
> iptables -t mangle -F
> Am I missing something? My simple 2 lines above
> seem good enough to do the trick.
> Dr. Christian Seberino
> SPAWAR Systems Center San Diego
> Code 2363
> 53560 Hull Street
> San Diego, CA 92152-5001
> Phone: (619) 553-7940
> Fax: (619) 553-2836
> Email: email@example.com
Dr. Christian Seberino
SPAWAR Systems Center San Diego
53560 Hull Street
San Diego, CA 92152-5001
Phone: (619) 553-7940
Fax: (619) 553-2836
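
The following is an added example, not part of the original messages. Without `-t`, iptables operates on the `filter` table only, and user-defined chains belong to the table they were created in, so this sketch repeats `-F` and `-X` for every table and then checks `iptables-save` output for leftovers. The function names, the `--apply`/`--check` switches and the `TABLES_FILE` variable are hypothetical; reading the table list from `/proc/net/ip_tables_names` is an assumption about the running kernel.

```shell
#!/bin/sh
# Added example (not from the thread). Without -t, iptables acts on the
# "filter" table only, so -F and -X are repeated for every table.

# Assumption: the kernel lists its loaded tables in this file (root-readable).
TABLES_FILE="${TABLES_FILE:-/proc/net/ip_tables_names}"

# Print one table name per line; fall back to the three tables named in
# the thread when the proc file cannot be read.
list_tables() {
    if [ -r "$TABLES_FILE" ]; then
        grep -E '^[a-z]+$' "$TABLES_FILE"
    else
        printf '%s\n' filter nat mangle
    fi
}

# Print the reset commands. -F comes before -X because a chain that still
# holds rules, or is still referenced by one, cannot be deleted.
reset_commands() {
    for t in $(list_tables); do
        echo "iptables -t $t -F"
        echo "iptables -t $t -X"
    done
}

# Run the reset for real (needs root); stops at the first failure.
apply_reset() {
    for t in $(list_tables); do
        iptables -t "$t" -F && iptables -t "$t" -X || return 1
    done
}

# Read iptables-save output on stdin and report every table that still has
# rules (-A lines) or user-defined chains (":NAME -" lines, policy "-").
leftovers() {
    awk '
        /^\*/             { t = substr($0, 2) }
        /^:/ && $2 == "-" { chains[t]++ }
        /^-A /            { rules[t]++ }
        /^COMMIT/         { if (rules[t] || chains[t])
                                printf "%s rules=%d chains=%d\n", t, rules[t], chains[t] }
    '
}

case "${1:-}" in
    --apply) apply_reset ;;
    --check) iptables-save | leftovers ;;
esac
```

Run with no argument the script changes nothing; `reset_commands` can be called to preview the commands before `--apply` is used.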