Could you post /etc/sysconfig/iptables?
/etc/sysconfig/iptables doesn't necessarily reflect what is running right now, and you can't include the counters with it.
I'm not interested in the counters; I want to see how the rules are.
I think he's trying to tell you that any changes made since the *last* write to /etc/sysconfig/iptables won't be reflected in that file. Or rather, what if that file has been written to, but not read from? The fact remains that "iptables -L" is more useful because it is a live state.
In fact, I've got a few machines where all my rules are only kept in running memory. They're all activated/reactivated/modified using scripts. No state is stored on disk.
[snip]
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
[/snip]

What are we accepting here? All packets? If this is the case then there is no need for the rest of the rules in this chain.
Depends on the INPUT rule that references this. But yes, once a packet has been filtered to get here, then it will be accepted.
See? You can read this output.