On Monday 24 February 2003 11:32 am, Chi wrote:
> I'm new to iptables so ....

If you haven't already, bookmark and read through the documentation at
http://netfilter.org , and Oskar Andreasson's fantastic tutorial at
http://iptables-tutorial.frozentux.net .

> After I use #iptables -P INPUT DROP
> #iptables -P FORWARD DROP
> #iptables -P OUTPUT DROP
> and # service iptables save
>
> I have this in the /etc/sysconfig/iptables:
> :INPUT DROP [82:20563]
> :FORWARD DROP [0:0]
> :OUTPUT DROP [0:0]
>
> So what is exactly those numbers for? and can I manually change it?
> also I have noticed that those numbers changes every time when I
> changed the rules.

The numbers are Packets:Bytes that have matched. If you have several rules
(instead of simply a DROP policy for the chain) this will show you how much
traffic matched each rule. You shouldn't manually edit it, but if you want
to reset it use "iptables -Z" (to zero the counts for the default table,
filter) and/or "iptables -t nat -Z" (to zero counts for the NAT table).

If you list the active rules with "iptables -v -n -L" it will list all the
filter table rules along with packets and bytes that matched each, and here
again "-t nat" will specify the nat table instead of the default filter
table.

j

> Thanks.
>
> Chi
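
Added example, not part of the original message: a shell/awk function that reads iptables-save style text and prints, for each chain, its policy with the policy's packet and byte counts plus the summed counts of that chain's rules. Apart from the three filter policy lines quoted above, the sample input is constructed; the rule lines assume the `[packets:bytes] -A ...` form written by `iptables-save -c`.

```shell
#!/bin/sh
# Constructed sample. Only the three filter policy lines come from the message.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [82:20563]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
[1200:96000] -A INPUT -i lo -j ACCEPT
[340:51000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [5:300]
COMMIT
EOF
}

# Output, one line per chain:
#   table chain policy policy_pkts policy_bytes rule_pkts rule_bytes
summarize_counters() {
    awk '
    function parse(tok) {                    # tok looks like "[82:20563]"
        tok = substr(tok, 2, length(tok) - 2)
        return split(tok, pb, ":") == 2      # pb[1]=packets, pb[2]=bytes
    }
    /^\*/ { table = substr($1, 2); next }    # "*filter", "*nat"
    /^:/ && parse($3) {                      # ":INPUT DROP [82:20563]"
        key = table " " substr($1, 2)
        order[++n] = key; policy[key] = $2
        ppkts[key] = pb[1]; pbytes[key] = pb[2]
        next
    }
    /^\[/ && $2 == "-A" && parse($1) {       # "[1200:96000] -A INPUT ..."
        key = table " " $3
        rpkts[key] += pb[1]; rbytes[key] += pb[2]
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%s %s %d %d %d %d\n", k, policy[k],
                   ppkts[k], pbytes[k], rpkts[k], rbytes[k]
        }
    }'
}

sample_rules | summarize_counters
```

On a live system the same function can be fed from `iptables-save -c`, which needs root.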