curious about /etc/init.d/iptables script in RH 8.0

On Thursday 24 October 2002 8:15 pm, Robert P. J. Day wrote:

>   first, the script grabs the list of currently-used tables from
> the file /proc/net/ip_tables_names, which is why i asked about this
> file earlier -- the implication is that, given the possible tables
> filter, nat and mangle, only those that are listed in that file
> can possibly be in use at the moment.  fair enough.  but it
> would make more sense to assign this list to a variable like
> "tables", not "chains", wouldn't you think? :-)  just being
> pedantic.

Yes.

>     iptables -F
>
> by default, this will flush the filter table, but isn't that
> already empty from the previous statement?  not a mistake, just
> redundant, no?

Correct.

>   the same redundancy seems to exist in the next loop that deletes
> the user-defined chains:  the loop really gets rid of all user-defined
> chains in each table one at a time, and follows that up with
>
>     iptables -X
>
> apparently just to give the "filter" table one last good kick
> while it's down or something.  is there something more to this
> than meets the eye?

No.

No-one said it was a perfect script :-)

The reason for using /proc/net/ip_tables_names is just to make sure the 
script doesn't generate errors no matter what sort of netfilter system it 
gets used on.

The other things you've pointed out may be redundant, or less than 
pedantically perfect, but they won't generate errors, so newbies won't get 
worried.

Antony.

-- 

I vote "no" to this proposal to form a committee to investigate whether we 
should or should not hold a ballot on whether to vote yet.
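A minimal table-reset loop of the kind Robert walks through above, written here as an added example and not the Red Hat init script itself: it reads /proc/net/ip_tables_names, names each table explicitly with -t, and so has no use for the table-less `iptables -F` / `iptables -X` that he found redundant. It also stays silent when the file is absent, which is the "no errors on any netfilter system" property Antony describes. The IPTABLES_NAMES and IPTABLES_CMD variables are assumptions so the logic can be exercised without root.

```shell
#!/bin/sh
# Added example, not the RH 8.0 /etc/init.d/iptables script.
# Flushes every currently loaded table once, naming the table each time.
# IPTABLES_NAMES / IPTABLES_CMD are assumed override knobs for dry runs.

IPTABLES_NAMES="${IPTABLES_NAMES:-/proc/net/ip_tables_names}"
IPTABLES_CMD="${IPTABLES_CMD:-iptables}"

# Print the tables the kernel has loaded (one per line). A missing or
# unreadable file means no ip_tables module is loaded: nothing to do,
# and no error message for the reader to worry about.
loaded_tables() {
    [ -r "$IPTABLES_NAMES" ] || return 0
    cat "$IPTABLES_NAMES"
}

# Reset one table: flush every chain in it, then delete the user-defined
# chains. Because -t is given, the default filter table is never touched
# a second time by accident.
reset_table() {
    "$IPTABLES_CMD" -t "$1" -F &&
    "$IPTABLES_CMD" -t "$1" -X
}

# Reset all loaded tables; returns non-zero if any table failed.
reset_all_tables() {
    rc=0
    for t in $(loaded_tables); do
        reset_table "$t" || rc=1
    done
    return $rc
}
```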
