The rc.flush-iptables.txt script should not really be called a script in itself. All it does is reset and flush your tables and chains. It starts by setting the default policies to ACCEPT on the INPUT, OUTPUT and FORWARD chains of the filter table. After this it resets the default policies of the PREROUTING, POSTROUTING and OUTPUT chains of the nat table. We do this first so that we need not worry about closed connections or packets not getting through while the rest of the script runs. This script is intended for setting up and troubleshooting your firewall, and hence we only care about opening the whole thing up and resetting it to default values.
After this we flush all chains, first in the filter table and then in the nat table. This way we know there are no leftover rules lying around anywhere. When all of this is done, we jump down to the next section, where we erase all the user-specified chains in the nat and filter tables. When this step is done, we consider the script done. You may consider adding rules to flush your mangle table if you use it.
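The sequence described above, written out as an added example rather than the tutorial's own rc.flush-iptables.txt file. It assumes iptables lives at /sbin/iptables; setting IPTABLES=echo prints the commands instead of running them, and RUN_FLUSH=1 runs the flush when the file is executed directly (both variables are this example's own conventions). The optional mangle section the text mentions is included as a separate function.

```shell
#!/bin/sh
# Reconstruction of the steps described in the text (added example, not the
# tutorial's own file). IPTABLES may be overridden, e.g. IPTABLES=echo to
# print the commands instead of running them (example convention, assumption).
IPTABLES="${IPTABLES:-/sbin/iptables}"

flush_iptables() {
    # 1. Open everything up first, so nothing is dropped while we flush.
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT ACCEPT

    # 2. Reset the nat table's built-in chains the same way.
    $IPTABLES -t nat -P PREROUTING ACCEPT
    $IPTABLES -t nat -P POSTROUTING ACCEPT
    $IPTABLES -t nat -P OUTPUT ACCEPT

    # 3. Flush every rule: filter table first (no -t means filter), then nat.
    $IPTABLES -F
    $IPTABLES -t nat -F

    # 4. Delete user-defined chains. A chain must be empty and unreferenced
    #    before -X will remove it, which step 3 guaranteed.
    $IPTABLES -X
    $IPTABLES -t nat -X
}

# Optional: the same treatment for the mangle table, as the text suggests.
flush_mangle() {
    for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
        $IPTABLES -t mangle -P "$chain" ACCEPT
    done
    $IPTABLES -t mangle -F
    $IPTABLES -t mangle -X
}

# Only touch the live ruleset when explicitly asked (needs root).
if [ "${RUN_FLUSH:-0}" = "1" ]; then
    flush_iptables
    [ "${FLUSH_MANGLE:-0}" = "1" ] && flush_mangle
fi
```

Run `IPTABLES=echo sh rc.flush-iptables.sh` with RUN_FLUSH=1 to preview the exact command order before using it on a real box.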
One final word on this issue. Certain people have mailed me asking me to put this script into the original rc.firewall script using Red Hat Linux syntax, where you type something like rc.firewall start and the script starts. However, I will not do that, since this is a tutorial and should be used mainly as a place to fetch ideas, and it shouldn't be filled up with shell scripts and strange syntax. Adding shell script syntax and other things makes the script harder to read as far as I am concerned, and the tutorial was written with readability in mind and will continue being so.