> Could you post /etc/sysconfig/iptables?
/etc/sysconfig/iptables doesn't necessarily reflect what is running
right now, and you can't include the counters with it.
> I'm not interested in the counters I want to see how the rules are
I think he's trying to tell you that any changes made since the *last*
write to /etc/sysconfig/iptables won't be reflected in that file. Or
rather, what if that file has been written to, but not read from? The
fact remains that "iptables -L" is more useful because it is a live state.
In fact, I've got a few machines where all my rules are only kept in
running memory. They're all activated/reactivated/modified using
scripts. No state is stored on disk.
[snip]
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
[/snip]
What are we accepting here? All packets? If this is the case then there is
no need for the rest of the rules in this chain.
Depends on the INPUT rule that references this. But yes, once a packet
has been filtered to get here, then it will be accepted.
See? You can read this output.
--
Spiro Harvey Knossos Networks Ltd
021-295-1923 www.knossos.net.nz
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
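An added example, not part of the thread: a POSIX sh helper that compares the on-disk rule file with a live `iptables-save -c` dump, stripping comments and packet/byte counters first so that only real rule differences (such as a runtime `-j ACCEPT` that was never written back to /etc/sysconfig/iptables) show up. Both rule sets below are constructed samples, not captured from any host.

```shell
#!/bin/sh
# Constructed sample: what /etc/sysconfig/iptables might contain.
SAVED_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample: live state as dumped by `iptables-save -c`, with
# counters, plus one ACCEPT-all rule that was added at runtime only.
RUNNING_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [1200:98000]
:RH-Firewall-1-INPUT - [0:0]
[1200:98000] -A INPUT -j RH-Firewall-1-INPUT
[40:2000] -A RH-Firewall-1-INPUT -i lo -j ACCEPT
[3:180] -A RH-Firewall-1-INPUT -j ACCEPT
[0:0] -A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
[0:0] -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed (constructed sample)'

# normalize RULES: drop comment lines, leading "[pkts:bytes]" rule
# counters and trailing chain-policy counters, leaving only the rules.
normalize() {
  printf '%s\n' "$1" |
    sed -e '/^#/d' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# rule_drift SAVED RUNNING: print each rule that exists in only one of
# the two sets, tagged "saved-only:" or "running-only:". Rule order
# matters to iptables, so the sets are diffed line by line, not sorted.
rule_drift() {
  a=$(mktemp); b=$(mktemp)
  normalize "$1" > "$a"
  normalize "$2" > "$b"
  diff "$a" "$b" | sed -n -e 's/^< /saved-only: /p' -e 's/^> /running-only: /p'
  rm -f "$a" "$b"
}

rule_drift "$SAVED_RULES" "$RUNNING_RULES"
```

On a real host, replace the two sample strings with `cat /etc/sysconfig/iptables` and `iptables-save -c` output; an empty result means the file and the running rule set agree.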