From: Tanstaafl <tanstaafl@libertytrek.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: iptables - do I need the nat table?
Date: Mon, 12 Apr 2010 08:31:09 -0400
Message-ID: <4BC3128D.5020805@libertytrek.org>
In-Reply-To: <87wrwe2kib.fsf@newton.gmurray.org.uk>

On 2010-04-11 9:20 AM, Graham Murray wrote:
> Tanstaafl <tanstaafl@libertytrek.org> writes:
>> I'm a bit clueless when it comes to firewalls, and have no idea what
>> these numbers mean/do:
>>
>> *raw
>> :PREROUTING ACCEPT [4911:886011]
>> :OUTPUT ACCEPT [4546:2818732]
>> COMMIT
> The numbers are [packets:bytes] which match the rule or table
> concerned.

Ok, so... I still don't know what they *mean*... i.e., is this a hole in
my firewall? What is the raw table used for, in plain English?

More importantly though...

When I try to remove the nat and raw tables from my firewall, they don't
go away. I have always kept my rules in a separate file, and when I want
to make changes, I change the external file, then do iptables-restore <
/path/to/iptables-current.

(My rule set is very small, so this only takes a second or two, so it's
not/never been a problem)

I've been doing it this way for a long time, and all other changes I
have ever made - e.g., opening a certain port for a certain host - work
fine, but, when I comment out the raw and nat tables, then restore the
rules, then do iptables-save > path/to/iptables-current-dump, the
examined file still shows the raw and nat tables loaded... ???
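
As an added example (not part of the original message or the thread), a small Python parser for iptables-save output that extracts the [packets:bytes] counters the quoted reply describes and lists tables that appear in a dump without holding any rules. The sample dump is constructed: its *raw section is the one quoted above, while the *filter section and all function names are assumptions made for illustration.

```python
import re

# Constructed sample in iptables-save format. The *raw section is the one quoted
# in the message; the *filter section is made up for contrast.
SAMPLE_DUMP = """\
*raw
:PREROUTING ACCEPT [4911:886011]
:OUTPUT ACCEPT [4546:2818732]
COMMIT
*filter
:INPUT DROP [12:720]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4546:2818732]
[310:24800] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Chain header line: ":NAME POLICY [packets:bytes]" (user chains use "-" as policy).
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")

def parse_dump(text):
    """Return {table: {"chains": {name: (policy, packets, bytes)}, "rules": [...]}}."""
    tables, current = {}, None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif current is None:
            raise ValueError(f"line outside any table: {line!r}")
        elif (m := CHAIN_RE.match(line)):
            name, policy, pkts, nbytes = m.groups()
            current["chains"][name] = (policy, int(pkts), int(nbytes))
        else:
            # Rule line; with "iptables-save -c" it carries its own [packets:bytes].
            current["rules"].append(line)
    return tables

def empty_tables(tables):
    """Tables present in the dump that hold only chain headers and no rules."""
    return sorted(name for name, data in tables.items() if not data["rules"])

if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    for table, data in parsed.items():
        for chain, (policy, pkts, nbytes) in data["chains"].items():
            print(f"{table:7} {chain:11} policy={policy:6} packets={pkts} bytes={nbytes}")
    print("tables with no rules:", empty_tables(parsed))
```
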