On Tue, Apr 10, 2012 at 11:07:27PM -0700, gopi bhimavarapu wrote:
> Hi
>
> I was trying to flush a chain, delete all the rules and delete the chain before creation of the chain.
> This approach worked fine in iptables-1.4.0, but seems like in iptables-1.4.12.2, we cannot flush a non existing chain.
> Is there any change in the expected behavior ?

I don't know if there was a change or not, but as far as I can tell, you don't need to flush anything when using iptables-save/iptables-restore, it just replaces your current ruleset.

>
>
> Snippet below works fine in 1.4.0 (using iptables-restore), but complains in iptables-1.4.12.2
>
>
> *filter
> :FORWARD DROP [0:0]
> -F chain_tun_0_
> -D FORWARD -o tun_0_+ -j chain_tun_0_
> -D FORWARD -i tun_0_+ -j chain_tun_0_
> -X chain_tun_0_
> :chain_tun_0_ - [0:0]
> -I chain_tun_0_ -j DROP
> -I FORWARD -i tun_0_+ -j chain_tun_0_
> -I FORWARD -o tun_0_+ -j chain_tun_0_
> -I chain_tun_0_ --protocol all -o tun_0_+ -j ACCEPT
> -I chain_tun_0_ --protocol all -i tun_0_+ -j ACCEPT
> -o ext0 -I chain_tun_0_ -j DROP
> -i ext0 -I chain_tun_0_ -j DROP
> COMMIT
>
>
> Regards,
> Gopi
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
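
An added example, not part of either message: a small pre-check that reports commands in an iptables-restore file which operate on a chain before a `:chain` line has declared it, the position the `-F` and `-X` lines of the quoted ruleset are in. It looks only at the file itself, treats the usual built-in chain names as always present, and does not check `-j` targets; the function name is made up for this example.

```python
import shlex

# Options whose next word is the chain the command operates on.
CHAIN_CMDS = {"-A", "-I", "-D", "-R", "-F", "-X", "-Z"}
# Simplification: built-in chain names are treated as present in every table.
BUILTIN = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}

# Constructed sample: the ruleset quoted in the message above.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-F chain_tun_0_
-D FORWARD -o tun_0_+ -j chain_tun_0_
-D FORWARD -i tun_0_+ -j chain_tun_0_
-X chain_tun_0_
:chain_tun_0_ - [0:0]
-I chain_tun_0_ -j DROP
-I FORWARD -i tun_0_+ -j chain_tun_0_
-I FORWARD -o tun_0_+ -j chain_tun_0_
-I chain_tun_0_ --protocol all -o tun_0_+ -j ACCEPT
-I chain_tun_0_ --protocol all -i tun_0_+ -j ACCEPT
-o ext0 -I chain_tun_0_ -j DROP
-i ext0 -I chain_tun_0_ -j DROP
COMMIT
"""

def undeclared_chain_uses(text):
    """Return (line_no, option, chain) for commands on a chain not yet declared."""
    findings, known = [], set(BUILTIN)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):        # "*table": start over with built-ins only
            known = set(BUILTIN)
        elif line.startswith(":"):      # ":chain policy [packets:bytes]" declares it
            known.add(line[1:].split()[0])
        else:
            words = shlex.split(line)
            # The command option need not come first ("-o ext0 -I chain ...").
            for opt, chain in zip(words, words[1:]):
                if opt not in CHAIN_CMDS:
                    continue
                if chain not in known:
                    findings.append((no, opt, chain))
                elif opt == "-X":       # deleted: later uses need a new declaration
                    known.discard(chain)
                break
    return findings
```

Calling `undeclared_chain_uses(SAMPLE)` reports lines 3 and 6 of the sample; with the four `-F`/`-D`/`-X` lines removed it reports nothing.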