iptables --flush confusion

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Tue Nov 24 20:49:48 UTC 2009


On Tue, Nov 24, 2009 at 12:14:34PM -0800, E K wrote:
> 
> --- On Sat, 5/30/09, simon-tlug-GaisZHhRk3c at public.gmane.org <simon-tlug-GaisZHhRk3c at public.gmane.org> wrote:
> 
> > From: simon-tlug-GaisZHhRk3c at public.gmane.org <simon-tlug-GaisZHhRk3c at public.gmane.org>
> > Subject: [TLUG]: iptables --flush confusion
> > To: tlug-lxSQFCZeNF4 at public.gmane.org
> > Received: Saturday, May 30, 2009, 5:22 PM
> > I have a router set up to do NAT
> > that's using iptables, with net.ipv4.ip_forward=1, and I'm
> > somewhat confused why when I do an 'iptables --flush', I'm
> > no longer able to connect to it from another device that is
> > on the same subnet that the 'wan' interface is on.
> > 
> > Does anyone know why this is? Am I misunderstanding what it
> > is that --flush does, or some other basic networking
> > concept?
> > 
> > Cheers,
> > spd
> > --
> 
> You are clearing the filter table entries from the router. That basically breaks the NAT operation.

Yes, flush deletes all current iptables entries from that table (specified
with -t).  It does not change the policy of any chains.  Great way to
block yourself out of a box by accident. :)

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
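The lock-out Len describes follows from what `-F` leaves behind: the rules go, the chain policies stay, so a chain whose policy is DROP ends up dropping everything, including the SSH session doing the flushing. The script below is an added example, not code from the original thread; it reads an `iptables-save` style dump (the dump here is constructed sample data), lists the built-in chains that would drop all traffic once flushed, and prints the policy resets to run before the flush. `flush_risk` and `safe_flush_plan` are names chosen for this example, and nothing is executed against the live ruleset.

```shell
#!/usr/bin/env bash
# Added example: find the chains that `iptables -F` would leave in a
# drop-everything state, because a flush removes rules but keeps policies.

# Constructed sample in iptables-save format (not from the original post):
# a NAT router with a default-DROP filter table and a few ACCEPT rules.
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# flush_risk DUMP [TABLE]
# Prints "table chain" for every built-in chain whose policy is not ACCEPT.
# User-defined chains show a policy of "-" in the dump and are skipped,
# since they have no policy of their own.  After a flush, every chain
# printed here drops all traffic that reaches it.
flush_risk() {
    printf '%s\n' "$1" | awk -v want="${2:-}" '
        /^\*/ { table = substr($0, 2); next }   # "*filter" -> current table
        /^:/  {                                  # ":INPUT DROP [0:0]"
            sub(/^:/, "", $1)
            if ((want == "" || table == want) && $2 != "ACCEPT" && $2 != "-")
                print table, $1
        }'
}

# safe_flush_plan DUMP TABLE
# Emits, without running them, the commands that make a flush of TABLE
# non-locking: set each risky policy to ACCEPT first, then flush.
safe_flush_plan() {
    local table="$2"
    flush_risk "$1" "$table" | while read -r t chain; do
        printf 'iptables -t %s -P %s ACCEPT\n' "$t" "$chain"
    done
    printf 'iptables -t %s -F\n' "$table"
}

# Stand-alone run: check the constructed dump before touching anything.
# On a real box, feed it the live ruleset: flush_risk "$(iptables-save)" filter
flush_risk "$SAMPLE_DUMP" filter
safe_flush_plan "$SAMPLE_DUMP" filter
```

For the sample dump this reports `filter INPUT` and `filter FORWARD` as the chains that would go dark, while the `nat` table (all ACCEPT policies) reports nothing. That matches the thread: flushing the filter table on this router removes the ESTABLISHED and port-22 ACCEPT rules and leaves the DROP policy to discard the administrator's own connection. Resetting the policies first (or flushing from the console rather than over the network) avoids the lock-out.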