On Wed, 2002-04-24 at 18:41, rpjday wrote:
> i want to clarify that the chain filter:OUTPUT is totally separate
> from the chain nat:OUTPUT (if i can use that syntax to describe them).
> is this correct?
Not to my tiny mind. There are 3 distinct and unique chains ...
> if you look at the /etc/init.d/iptables script in the latest releases
> of red hat linux (i'm running the latest skipjack beta from red hat),
> the "stop" excerpt of that script reads:
It don't say that in _my_ /etc/rc.d/init.d/iptables script. Which comes
with Netfilter. Although I _am_ running RH 7.2.
There it says:
---
stop() {
    action "Flushing all chains:" iptables -F
    action "Removing user defined chains:" iptables -X
    echo $"Resetting built-in chains to the default ACCEPT policy:"
    iptables -P INPUT ACCEPT && \
        iptables -P FORWARD ACCEPT && \
        iptables -P OUTPUT ACCEPT && \
        success "Resetting built-in chains to the default ACCEPT policy" || \
        failure "Resetting built-in chains to the default ACCEPT policy"
    echo
    /bin/echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
    /bin/echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    /bin/echo "1" > /proc/sys/net/ipv4/conf/all/accept_redirects
    rm -f /var/lock/subsys/iptables
}
---
Why not think of the tables as sharing chains? Or being enclosed in and
sharing chains?
Tony
--
Tony Earnshaw
e-post: [EMAIL PROTECTED]
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor
Telefoon: (+31) (0)172 530428
Mobiel: (+31) (0)6 51153356
GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
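Added example, not part of the original message or of the Red Hat script: iptables commands given without `-t` act on the filter table only, so the `stop()` quoted above leaves the nat table as it was. The sketch below models that on a constructed `iptables-save` style dump; the function names and the sample rules are assumptions made for illustration.

```shell
# Constructed iptables-save style dump (sample data, not taken from a real host).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A OUTPUT -d 192.0.2.10/32 -p tcp --dport 80 -j DNAT --to-destination 192.0.2.20:8080
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 25 -j REJECT
COMMIT
EOF
}

# Print "table:chain policy rule-count" for each built-in chain in a dump on stdin.
chains_by_table() {
    awk '
        /^\*/  { table = substr($0, 2); next }
        /^:/   { key = table ":" substr($1, 2)
                 if ($2 != "-") { order[++n] = key; policy[key] = $2 }
                 next }
        /^-A / { rules[table ":" $2]++ }
        END    { for (i = 1; i <= n; i++)
                     printf "%s %s %d\n", order[i], policy[order[i]], rules[order[i]] }
    '
}

# Model the stop() above on a dump: -F, -X and -P without -t touch only filter.
after_filter_only_stop() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^-A / { next }                      # iptables -F
        table == "filter" && /^:/ { if ($2 == "-") next; $2 = "ACCEPT" }  # -X, -P
        { print }
    '
}

# List the tables that still contain at least one rule.
tables_with_rules() {
    awk '/^\*/ { t = substr($0, 2) } /^-A / { seen[t]++ } END { for (t in seen) print t }' | sort
}

sample_ruleset | after_filter_only_stop | chains_by_table
```

On a live system the equivalent check is to review the `*nat` and `*mangle` sections of `iptables-save` output after stopping the service.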
