On Fri, 2005-01-14 at 01:03, seberino@xxxxxxxxxxxxxxx wrote:
> When I want to start from scratch in my firewall
> script I usually do this:
>
> $IPTABLES -t filter -F
> $IPTABLES -t mangle -F
> $IPTABLES -t nat -F

which flushes all the rules out of those tables

> $IPTABLES -t filter -X
> $IPTABLES -t mangle -X
> $IPTABLES -t nat -X

which deletes all chains in those tables.

> I'm not sure if the -Z switch does anything useful after this violent
> scrubbing of my iptables...

it still does what it would do any other time.

> $IPTABLES -Z
>
> By the way... is this correct/better/wrong??

if your intention is to zero your byte counters--then it's correct. if your intention is to retain your byte counters across reloads--then it's wrong.

> $IPTABLES -t filter -Z
> $IPTABLES -t mangle -Z
> $IPTABLES -t nat -Z
>
> I read the man page on iptables but it still was not clear if I need
> -Z to 'reset the byte count' and other stuff like it says it will do.

people that rely on byte counters for accounting type uses probably don't use -Z when they reload their rules. i only use the counters as an indication of rule hits--so i do reset the counters every time i reload my rules. but it's not a question of right or wrong.

-j
--
"The only monster here is the gambling monster that has enslaved your mother! I call him Gamblor, and it's time to snatch your mother from his neon claws!" --The Simpsons
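The reset sequence discussed in the thread, as an added example that is not from either poster: -F and -X always run on the three tables, while -Z is made optional so that accounting counters can survive a rule reload when that is what the operator wants. It assumes `iptables` and `iptables-save` are in PATH; `$IPTABLES` can be pointed at another command (the test points it at `echo`) to print the plan without root.

```shell
#!/bin/sh
# Reset the filter, mangle and nat tables. Assumption: iptables is in PATH.
IPTABLES="${IPTABLES:-iptables}"

# fw_reset [zero]
#   -F flushes every rule in the table, -X deletes the user-defined chains.
#   Only when $1 is "zero" is -Z run as well, which resets the packet and
#   byte counters; leave it out if the counters are used for accounting.
fw_reset() {
    zero="$1"
    for table in filter mangle nat; do
        "$IPTABLES" -t "$table" -F || return 1
        "$IPTABLES" -t "$table" -X || return 1
        if [ "$zero" = "zero" ]; then
            "$IPTABLES" -t "$table" -Z || return 1
        fi
    done
}

# fw_save_counters FILE
#   Record the current ruleset with its counters (iptables-save -c) before a
#   reset, so accounting figures are not lost when -Z is used.
fw_save_counters() {
    iptables-save -c > "$1"
}

# fw_zero_count [zero]
#   Dry run: count how many -Z invocations fw_reset would issue, using echo
#   in place of iptables. Used to check the script without touching the kernel.
fw_zero_count() {
    IPTABLES=echo
    fw_reset "$1" | grep -c -- '-Z'
}
```

Run `fw_save_counters /root/before.rules` first if the byte counts matter, then `fw_reset zero` to start from scratch or plain `fw_reset` to keep the counters.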