Re: Newbie can't get firewall to quit working
Because you are not specifying tables, --flush will only flush the
default table (filter). See:
adelita:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
adelita:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
adelita:~# iptables --flush
adelita:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
adelita:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
adelita:~# iptables -t nat --flush
adelita:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
adelita:~#
I mean, the "nat" table, for instance, is not flushed 'til I do -t nat
--flush. I don't know, but maybe you have rules in those tables?
Regards
Pope
On Tue, 19-11-2002 at 21:35, Miller, Jeff - x3328 wrote:
> Hi all,
> For some reason a script I wrote from an ipchains tutorial does nothing.
> When I try to get rid of it so I can get back into the machine I cannot. I'm
> doing an iptables --flush, then I set all the policies back to ACCEPT.
> Everything looks ok;
> jeffm@brains:~$ sudo iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> jeffm@brains:~$
>
> yet the machine is unreachable (can't even ssh to itself). Rebooting fixes
> it. What am I missing?
> Thanks,
> Jeffm
--
Luis Gómez Miralles
InfoEmergencias - Technical Department
Phone (+34) 654 24 01 34
Fax (+34) 963 49 31 80
lgomez@infoemergencias.com
PGP Public Key available at http://www.infoemergencias.com/lgomez.asc
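
The per-table behaviour shown in the reply above, as an added example that is not part of the original message: it reads a dump in iptables-save format, lists every table that still holds rules or a non-ACCEPT policy, and prints (without running) the commands that would reset it. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list every table that still holds
# rules or a non-ACCEPT policy, and print the commands that would reset it.

# Constructed sample in iptables-save format: filter is already clean,
# nat still has a MASQUERADE rule, mangle has a DROP policy.
sample_dump() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*mangle
:PREROUTING DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# stdin: iptables-save dump. stdout: tables that are not in the empty state.
dirty_tables() {
    awk '/^\*/ { t = substr($0, 2); next }
         /^-A / { dirty[t] = 1 }
         /^:/ && $2 != "ACCEPT" && $2 != "-" { dirty[t] = 1 }
         END { for (t in dirty) print t }' | sort
}

# stdin: iptables-save dump. stdout: reset commands (printed, not executed).
reset_commands() {
    dump=$(cat)
    printf '%s\n' "$dump" | dirty_tables | while read -r t; do
        echo "iptables -t $t --flush"
        echo "iptables -t $t --delete-chain"
    done
    printf '%s\n' "$dump" | awk '/^\*/ { t = substr($0, 2); next }
        /^:/ && $2 != "ACCEPT" && $2 != "-" {
            print "iptables -t " t " --policy " substr($1, 2) " ACCEPT" }'
}

sample_dump | reset_commands
```

On a live host, pipe the output of `iptables-save` (run as root) into `dirty_tables` or `reset_commands` in place of `sample_dump`.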