Checking Your iptables Configuration
Before proceeding further, you should check your current configuration. Some distributions now ship with firewall-creation tools, and it's possible these are running without your knowledge. You can check your system's current configuration by passing iptables the -L parameter. You can also add the -t table-name parameter to check on a particular table. (The default table-name is filter, but you may want to check the nat and mangle tables as well.) This should produce output similar to the following:
# iptables -L -t filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
This output shows no iptables rules in the standard filter table. This is a good starting point for further modifications. If your system has firewall rules already defined, you should try to track down what script is defining them and disable it. (It may be a SysV startup script called firewall or something similar.) You can then use the -F parameter to flush the rules from a chain, thus:
# iptables -F INPUT -t filter
It's generally a good idea to begin your firewall script with this command, similar commands for other chains in the filter table, and perhaps with equivalents for other tables. This ensures that your new firewall rules aren't added to old rules, which can cause great confusion.
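As an added example that is not from the book, here is a small POSIX sh helper that audits one table from the rule-spec listing produced by iptables -S -t table-name (the same information as -L, in a form that is easier to parse) and prints the commands that would reset that table before a new firewall script runs. The audit_table and flush_commands function names and the sample listing are this example's own constructions; -S, -F, -X and -P are standard iptables options.

```shell
#!/bin/sh
# Added example, not from the book. Live use (needs root):
#   iptables -S -t filter | audit_table filter
#   iptables -S -t filter | flush_commands filter
# Lines in "-S" output: "-P CHAIN POLICY" (built-in chain and its default
# policy), "-N CHAIN" (user-defined chain), "-A CHAIN ..." (a rule).

# audit_table TABLE: reads -S output on stdin, prints each finding, and
# returns 0 only when the table holds no rules, no user-defined chains,
# and every built-in policy is ACCEPT (the clean starting point).
audit_table() {
    table=$1
    status=0
    while read -r line; do
        set -- $line   # split the line into words; $1 is the option
        case "$1" in
            -P) [ "$3" = ACCEPT ] || { echo "$table/$2: default policy is $3"; status=1; } ;;
            -N) echo "$table/$2: user-defined chain present"; status=1 ;;
            -A) echo "$table/$2: rule present: $line"; status=1 ;;
        esac
    done
    return $status
}

# flush_commands TABLE: reads -S output on stdin and prints the commands
# that reset the table: flush every chain first (-F with no chain name),
# then delete user-defined chains, then restore ACCEPT policies.
flush_commands() {
    table=$1
    echo "iptables -t $table -F"
    while read -r line; do
        set -- $line
        case "$1" in
            -P) echo "iptables -t $table -P $2 ACCEPT" ;;
            -N) echo "iptables -t $table -X $2" ;;
        esac
    done
}

# Constructed sample listings (not captured from a real host): one table as
# an unknown firewall script might leave it, and one that is truly empty.
SAMPLE_FILTER='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N firewall-in
-A INPUT -j firewall-in
-A firewall-in -p tcp -m tcp --dport 22 -j ACCEPT'
EMPTY_FILTER='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
```

Run the audit against each table you care about (filter, nat, mangle); if it reports anything, find the script responsible before adding your own rules on top.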