On Tuesday, June 28, 2011 02:38 AM, Ljubomir Ljubojevic wrote:
> John R Pierce wrote:
>> On 06/27/11 10:43 AM, Ljubomir Ljubojevic wrote:
>>>> note that doesn't show all the pertinent info. I prefer
>>>> `iptables -L -vn`, and it still doesn't show the nat tables, you
>>>> also need `iptables -L -vn -t nat` to see those chains, and
>>>> `iptables -L -vn -t mangle` if you're using any mangle entries.
>>>
>>> iptables-save is designed for iptables output.
>>
>> sure, for saving to the startup scripts.... the commands I listed
>> above were to display the tables with full info... Without the -v
>> flag, -L only shows part of the important stuff.
>>
> iptables-save man:
>
> DESCRIPTION:
> iptables-save is used to dump the contents of an IP Table in easily
> parseable format to STDOUT. Use I/O-redirection provided by your shell
> to write to a file.

You seem to have a problem understanding what John is saying. When you add the v flag, iptables will also report in/out interfaces so that you don't have to guess when you are trying to fix up the rules on the spot and not by editing some file.