iptables - explain

Alistair Tonner Alistair at nerdnet.ca
Sat Apr 30 08:24:54 CEST 2005


On April 30, 2005 01:39 am, varun_saa at vsnl.net wrote:

	Comments inline -- note the << below
> Hello,
>       I wish to understand the following
> in the iptables file.
>
> I see the following entries:
>
> # Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005		
> *nat		<<< NAT table header
>
> :OUTPUT ACCEPT [0:0]     << Chain + policy + packet/byte count
> :PREROUTING ACCEPT [0:0]     << Chain + policy + packet/byte count
> :POSTROUTING ACCEPT [0:0]       ""
>
> # Completed on Tue Apr 26 14:50:01 2005
> # Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005
> *mangle		<<< Mangle table header
>
> :PREROUTING ACCEPT [707:100355] << see above Chain/policy/packet/byte count
> :INPUT ACCEPT [704:99811]                 ''
> :FORWARD ACCEPT [0:0]			 ''
> :OUTPUT ACCEPT [541:74129]		 ''
> :POSTROUTING ACCEPT [611:85191]	""
>
> # Completed on Tue Apr 26 14:50:01 2005
> # Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005
> *filter 		<<<< filter table header
>
> :FORWARD ACCEPT [0:0]
> :INPUT DROP [0:0]
> :OUTPUT ACCEPT [0:0]
>
> What do entries like " OUTPUT ACCEPT [0:0] "

	Output chain in x table - Policy on the chain is ACCEPT and 0 packets/ 0 
Bytes have been tracked through the chain.

	This is the file from iptables-save and should only be used to save and 
reload the firewall over reboots.  I wouldn't recommend trying to understand 
it unless you do crazy stuff like -- edit the file with sed when your cable 
modem changes IPs *cough* (glances around)

	Alistair Tonner

> signify or represent.
>
> Thanks
>
> Varun
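
Added example, not part of the original message: a small Python parser for the iptables-save layout annotated above (table header, then `:CHAIN POLICY [packets:bytes]` lines), useful for reviewing default policies and counters without hand-editing the file. The sample input is constructed; `COMMIT` lines and the `-` policy of user-defined chains are standard iptables-save syntax that does not appear in the quoted dump, and the function names are hypothetical.

```python
import re

# Constructed sample in iptables-save format, modelled on the dump quoted above.
SAMPLE = """\
# Generated by iptables-save v1.2.9 on Tue Apr 26 14:50:01 2005
*mangle
:PREROUTING ACCEPT [707:100355]
:OUTPUT ACCEPT [541:74129]
COMMIT
*filter
:INPUT DROP [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""

CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def parse_save(text):
    """Return {table: {"chains": {name: {...}}, "rules": [...]}}."""
    tables, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("*"):          # table header, e.g. *nat
            current = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif current is None:
            raise ValueError(f"line {lineno}: content before any *table header")
        elif line == "COMMIT":            # end of this table's section
            current = None
        elif line.startswith(":"):        # :CHAIN POLICY [packets:bytes]
            m = CHAIN_RE.match(line)
            if not m:
                raise ValueError(f"line {lineno}: bad chain line {line!r}")
            name, policy, pkts, byts = m.groups()
            # "-" marks a user-defined chain, which has no policy
            current["chains"][name] = {
                "policy": None if policy == "-" else policy,
                "packets": int(pkts), "bytes": int(byts)}
        else:                             # rule line such as -A INPUT ...
            current["rules"].append(line)
    return tables

def describe(tables):
    """One sentence per chain, in the wording used in the reply above."""
    return [f"{c} chain in {t} table: policy {i['policy'] or 'none (user-defined)'}, "
            f"{i['packets']} packets / {i['bytes']} bytes"
            for t, d in tables.items() for c, i in d["chains"].items()]
```

Calling `describe(parse_save(SAMPLE))` yields one line per chain; a built-in chain in the filter table whose policy is ACCEPT is the thing to look for when auditing a saved ruleset.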


