On 2010-04-11 9:20 AM, Graham Murray wrote:
> Tanstaafl <tansta...@libertytrek.org> writes:
>> I'm a bit clueless when it comes to firewalls, and have no idea what
>> these numbers mean/do:
>>
>> *raw
>> :PREROUTING ACCEPT [4911:886011]
>> :OUTPUT ACCEPT [4546:2818732]
>> COMMIT
>
> The numbers are [packets:bytes] which match the rule or table
> concerned.

OK, so... I still don't know what they *mean*... i.e., is this a hole in my firewall? What is the raw table used for, in plain English?

More importantly though...

When I try to remove the nat and raw tables from my firewall, they don't go away.

I have always kept my rules in a separate file, and when I want to make changes, I change the external file, then do iptables-restore < /path/to/iptables-current. (My rule set is very small, so this only takes a second or two, so it's not/never been a problem.)

I've been doing it this way for a long time, and all other changes I have ever made - e.g., opening a certain port for a certain host - work fine, but, when I comment out the raw and nat tables, then restore the rules, then do iptables-save > path/to/iptables-current-dump, the examined file still shows the raw and nat tables loaded... ???
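As an added example (not part of the thread, and not code from either poster), here is a small POSIX shell parser for the iptables-save format being discussed. It lists which tables a dump contains and pulls the `[packets:bytes]` pair off each builtin-chain policy line, so you can see what those numbers are attached to. The dump it reads is a constructed sample, and the counter values in it are made up apart from the two raw-table lines quoted above.

```shell
#!/bin/sh
# Added example: parse iptables-save output (constructed sample below, not a
# real host's dump). Lines beginning with '*' name a table; lines beginning
# with ':' declare a builtin chain, its default policy, and [packets:bytes]
# counted against that policy (i.e. traffic that matched no rule in the chain);
# lines beginning with '-A' are rules; COMMIT ends the table.

SAMPLE_DUMP=$(cat <<'EOF'
# Generated by iptables-save (constructed sample for this example)
*raw
:PREROUTING ACCEPT [4911:886011]
:OUTPUT ACCEPT [4546:2818732]
COMMIT
*nat
:PREROUTING ACCEPT [12:720]
:POSTROUTING ACCEPT [3:180]
:OUTPUT ACCEPT [3:180]
COMMIT
*filter
:INPUT DROP [37:2221]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5120:900113]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
)

# list_tables DUMP: print the table names present in the dump, one per line.
list_tables() {
    printf '%s\n' "$1" | sed -n 's/^\*\([a-z]*\)$/\1/p'
}

# chain_counters DUMP: print "table chain policy packets bytes" for every
# builtin chain policy line of the form ':CHAIN POLICY [packets:bytes]'.
chain_counters() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2); next }
        /^:/  { chain = substr($1, 2); policy = $2
                counters = substr($3, 2, length($3) - 2)   # strip [ and ]
                split(counters, c, ":")
                print table, chain, policy, c[1], c[2] }
    '
}

# policy_packets DUMP TABLE CHAIN: packet count of one chain's policy counter.
policy_packets() {
    chain_counters "$1" | awk -v t="$2" -v ch="$3" '$1 == t && $2 == ch { print $4 }'
}

# rule_count DUMP TABLE: number of '-A' rules in one table.
rule_count() {
    printf '%s\n' "$1" | awk -v t="$2" '
        /^\*/ { in_table = (substr($0, 2) == t); next }
        /^-A/ && in_table { n++ }
        END { print n + 0 }
    '
}

# Stand-alone run: show the tables and their policy counters.
echo "tables present:"; list_tables "$SAMPLE_DUMP"
echo "policy counters:"; chain_counters "$SAMPLE_DUMP"
```

Two things the parser makes visible: a policy counter such as `[4911:886011]` on a chain whose policy is ACCEPT is simply the count of packets and bytes that reached the end of that chain without matching a rule (in a raw table with no rules, that is all traffic that traversed it), and a table shows up in the dump whenever the kernel has that table loaded, rule or no rules. Separately, iptables-restore only flushes and reloads the tables that appear in its input, so a `*raw` or `*nat` section that has been commented out of the rules file leaves that table in whatever state it already had; a later iptables-save therefore still lists it. To empty such a table through the same restore workflow, keep its `*raw` ... `COMMIT` section in the file with only the builtin chain policy lines and no rules, rather than omitting the section.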