If you don't specify the '-t' then it will be '-t filter' by default. Follow the following, it should give you the insight you need:
root@localhost# iptables -N test
root@localhost# iptables -A test -j DNAT --to 10.100.100.100
iptables: Invalid argument
root@localhost# iptables -A test -t nat -j DNAT --to 10.100.100.100
iptables: No chain/target/match by that name
root@localhost# iptables -X test
root@localhost# iptables -N test -t nat
root@localhost# iptables -A test -j DNAT --to 10.100.100.100
iptables: No chain/target/match by that name
root@localhost# iptables -A test -t nat -j DNAT --to 10.100.100.100
root@localhost#

Ramin

On Mon, Jun 24, 2002 at 12:57:13PM -0700, Christian Seberino wrote:
> Ed
>
> Thanks for the reply. I can accept that -F is necessary
> *for every single table separately*.
>
> User defined chains are *not* tied to specific tables
> as far as I can tell. Is there any value in doing
>
> iptables -t nat -X
> iptables -t mangle -X
> iptables -t filter -X
>
> rather than just iptables -X???
>
> Linux Firewalls book has the three line method instead of iptables -X.
>
> Chris
>
>
> On Mon, Jun 24, 2002 at 02:47:50PM -0400, Ed Street wrote:
> > Hello,
> >
> > Well first off the regular expression of Iptables -F will NOT flush the
> > specific tables i.e. nat/mangle/filter. However, if you are NOT using
> > those tables it's pointless to -F as there's nothing there. In general
> > it's a good idea and a good habit to get into using.
> >
> > To test your theory you need some rules in any of those three tables.
> > Do the iptables -F and then run iptables -t nat -L -n you will see the
> > rules are still there.
> >
> > Ed
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Christian Seberino
> > Sent: Monday, June 24, 2002 2:41 PM
> > To: [EMAIL PROTECTED]
> > Subject: iptables -F & iptables -X good enough *for all* tables/chains?
> >
> > iptables -F
> > iptables -X
> >
> > These simple 2 lines seem good enough to
> > nuke *all* rules and *all* user defined chains.....
> >
> > Yet, in print (like Linux Firewalls book) I often
> > see people wanting to apply -F and -X to
> > *every single table one by one*
> >
> > (e.g. iptables -t nat -F
> > iptables -t filter -F
> > iptables -t mangle -F
> > etc.)
> >
> > Am I missing something? My simple 2 lines above
> > seem good enough to do the trick.
> >
> > Chris
> > --
> > _______________________________________
> >
> > Dr. Christian Seberino
> > SPAWAR Systems Center San Diego
> > Code 2363
> > 53560 Hull Street
> > San Diego, CA 92152-5001
> > U.S.A.
> >
> > Phone: (619) 553-7940
> > Fax: (619) 553-2836
> > Email: [EMAIL PROTECTED]
> > _______________________________________
> >
>
> --
> _______________________________________
>
> Dr. Christian Seberino
> SPAWAR Systems Center San Diego
> Code 2363
> 53560 Hull Street
> San Diego, CA 92152-5001
> U.S.A.
>
> Phone: (619) 553-7940
> Fax: (619) 553-2836
> Email: [EMAIL PROTECTED]
> _______________________________________
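
The per-table behaviour shown in this thread, as an added example that is not part of the original messages: a POSIX sh helper that runs -F and then -X in every table and checks that no rules or user-defined chains are left. The function names and the IPT and TABLES_FILE variables are assumptions of this example; /proc/net/ip_tables_names is only populated with the legacy iptables backend, so the script falls back to the three tables named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Names below are illustrative.
# Without --apply the script only prints the commands it would run.

IPT="${IPT:-iptables}"
# Kernel list of currently loaded tables (legacy backend); may be absent.
TABLES_FILE="${TABLES_FILE:-/proc/net/ip_tables_names}"

list_tables() {
    if [ -r "$TABLES_FILE" ] && [ -s "$TABLES_FILE" ]; then
        cat "$TABLES_FILE"
    else
        # Fallback: the three tables discussed in the thread.
        printf '%s\n' filter nat mangle
    fi
}

# Count rules (-A) and user-defined chains (-N) in `iptables -S` output on stdin.
count_leftovers() {
    grep -c -E '^-(A|N) ' || true
}

flush_all_tables() {
    rc=0
    for t in $(list_tables); do
        # -F first: -X refuses chains that still hold rules or are referenced.
        $IPT -t "$t" -F || rc=1
        $IPT -t "$t" -X || rc=1
        # Verify per table, since each table has its own chains and rules.
        left=$($IPT -t "$t" -S | count_leftovers)
        [ "$left" -eq 0 ] || { echo "table $t: $left entries remain" >&2; rc=1; }
    done
    return $rc
}

if [ "${1:-}" = "--apply" ]; then
    flush_all_tables
else
    IPT="echo iptables"   # dry run: print commands; the -S check is vacuous here
    flush_all_tables
fi
```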
