iptables -F & iptables -X good enough *for all* tables/chains?
Christian Seberino
seberino@spawar.navy.mil
Mon, 24 Jun 2002 12:57:13 -0700
Ed
Thanks for the reply. I can accept that -F is necessary
*for every single table separately*.
User defined chains are *not* tied to specific tables
as far as I can tell. Is there any value in doing
iptables -t nat -X
iptables -t mangle -X
iptables -t filter -X
rather than just iptables -X???
Linux Firewalls book has the three line method instead of iptables -X.
Chris
On Mon, Jun 24, 2002 at 02:47:50PM -0400, Ed Street wrote:
> Hello,
>
> Well first off the regular expression of Iptables -F will NOT flush the
> specific tables i.e. nat/mangle/filter. However, if you are NOT using
> those tables it's pointless to -F as there's nothing there. In general
> it's a good idea and a good habit to get into using.
>
> To test your theory you need some rules in any of those three tables.
> Do the iptables -F and then run iptables -t nat -L -n you will see the
> rules are still there.
>
> Ed
>
> -----Original Message-----
> From: netfilter-admin@lists.samba.org
> [mailto:netfilter-admin@lists.samba.org] On Behalf Of Christian Seberino
> Sent: Monday, June 24, 2002 2:41 PM
> To: netfilter@lists.samba.org
> Subject: iptables -F & iptables -X good enough *for all* tables/chains?
>
> iptables -F
> iptables -X
>
> These simple 2 lines seem good enough to
> nuke *all* rules and *all* user defined chains.....
>
> Yet, in print (like Linux Firewalls book) I often
> see people wanting to apply -F and -X to
> *every single table one by one*
>
> (e.g. iptables -t nat -F
> iptables -t filter -F
> iptables -t mangle -F
> etc.)
>
> Am I missing something? My simple 2 lines above
> seem good enough to do the trick.
>
> Chris
> --
> _______________________________________
>
> Dr. Christian Seberino
> SPAWAR Systems Center San Diego
> Code 2363
> 53560 Hull Street
> San Diego, CA 92152-5001
> U.S.A.
>
> Phone: (619) 553-7940
> Fax: (619) 553-2836
> Email: seberino@spawar.navy.mil
> _______________________________________
>
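Without -t, iptables acts on the filter table only, and each table holds its own user-defined chains. The check Ed describes, as an added example that is not part of the original thread: `remaining` counts the rules and user-defined chains left in each table of iptables-save output, and `flush_cmds` prints the -F/-X pair for every table. The sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed iptables-save output: the state after a
# bare "iptables -F; iptables -X" (filter emptied, nat left untouched).
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MYNAT - [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A MYNAT -j RETURN
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# remaining: read iptables-save text on stdin, print one line per table:
#   <table> rules=<n> user_chains=<n>
# User-defined chains are the ":NAME -" lines (their policy field is "-").
remaining() {
    awk '
        /^\*/  { t = substr($0, 2); order[++n] = t; r[t] = 0; c[t] = 0; next }
        /^:/   { if ($2 == "-") c[t]++; next }
        /^-A / { r[t]++ }
        END    { for (i = 1; i <= n; i++)
                     printf "%s rules=%d user_chains=%d\n", order[i], r[order[i]], c[order[i]] }
    '
}

# tables_in: list the table names present in iptables-save text on stdin.
tables_in() { sed -n 's/^\*//p'; }

# flush_cmds: print the -F/-X pair for every table named on stdin
# (one name per line, the format of /proc/net/ip_tables_names).
flush_cmds() {
    while read -r table; do
        [ -n "$table" ] || continue
        printf 'iptables -t %s -F\niptables -t %s -X\n' "$table" "$table"
    done
}

# On a live host (as root): iptables-save | remaining
#                           flush_cmds < /proc/net/ip_tables_names | sh
printf '%s\n' "$SAMPLE" | remaining
printf '%s\n' "$SAMPLE" | tables_in | flush_cmds
```

`flush_cmds` only prints the commands; nothing is changed until its output is piped to a shell.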