LinuxQuestions.org


slackamp 11-06-2007 12:33 PM

need explanation on an iptables entry

# Generated by iptables-save v1.3.5 on Thu Jul 5 12:19:04 2007
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [12325:2319098]

What does the line ":OUTPUT ACCEPT [12325:2319098]" mean? Will it cause any trouble? What would happen if I put [0:0]?

blackhole54 11-07-2007 08:45 AM

Quote:

Originally Posted by slackamp (Post 2950158)
What does the line ":OUTPUT ACCEPT [12325:2319098]" mean? Will it cause any trouble? What would happen if I put [0:0]?

The output of iptables-save is an abbreviated listing of your firewall rules that iptables-restore can use to restore the state of the firewall. The line you ask about says the policy for the OUTPUT chain is DROP. The numbers in brackets are packet and byte counts for that policy that can be restored with iptables-restore. If you set them to zero, then you just lose that information.

I hope what you listed isn't the entire contents of that file. If so, all incoming packets will be dropped, including loopback packets. Normally you would want to at least accept loopback.

nomb 11-07-2007 11:19 AM

So wait, when you say packets or byte counts that can be restored, what are you saying exactly? That the chain made copies of packets as they went through and you can restore them into a packet and send them again?

blackhole54 11-07-2007 06:47 PM

Quote:

Originally Posted by nomb (Post 2951154)
So wait, when you say packets or byte counts that can be restored, what are you saying exactly? That the chain made copies of packets as they went through and you can restore them into a packet and send them again?

Not at all. Netfilter counted the packets that "dropped through the end" of the chain and were handled by the chain's policy. It also kept track of the total size of those packets. So for the data posted, 12325 packets with a total size of 2319098 bytes were ACCEPTed by the OUTPUT chain's policy. You can see this same data on a running netfilter with the command:

Code:

iptables -nvL

I don't think I have ever played around with iptables-restore, but according to its man page, using the -c option will restore the packet and byte counters. It just plugs the numbers in. It doesn't replay the packets!
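To make the answer above concrete, here is an added example (not code from the thread or from the iptables project): a small Python parser for the ":CHAIN POLICY [packets:bytes]" lines of an iptables-save dump, plus a helper that shows what editing the counters to [0:0] actually changes. The sample dump is the fragment posted in the thread, with a COMMIT line added because a real dump closes each table with one.

```python
import re
from dataclasses import dataclass
from typing import Dict

# ":CHAIN POLICY [packets:bytes]" is the line the thread asks about.
POLICY_RE = re.compile(r"^:(\S+)\s+(ACCEPT|DROP|-)\s+\[(\d+):(\d+)\]$")


@dataclass
class Policy:
    target: str   # ACCEPT, DROP, or "-" for a user-defined chain
    packets: int  # packets that fell through the chain into the policy
    bytes: int    # total size of those packets in bytes


def parse_policies(dump: str) -> Dict[str, Dict[str, Policy]]:
    """Map table name -> chain name -> Policy from iptables-save output."""
    tables: Dict[str, Dict[str, Policy]] = {}
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # "# Generated by ..." header
        if line.startswith("*"):
            table = line[1:]               # "*filter" opens a table block
            tables[table] = {}
        elif line == "COMMIT":
            table = None                   # end of that table's block
        elif (m := POLICY_RE.match(line)) and table is not None:
            chain, target, pkts, byts = m.groups()
            tables[table][chain] = Policy(target, int(pkts), int(byts))
    return tables


def zero_counters(dump: str) -> str:
    """Rewrite every "[packets:bytes]" to "[0:0]", which is all that editing
    the line to [0:0] does: chains and policies stay as they were, only the
    counters are lost (and iptables-restore only loads them with -c anyway)."""
    return re.sub(r"\[\d+:\d+\]", "[0:0]", dump)


# Constructed sample: the thread's fragment plus the closing COMMIT line.
SAMPLE = """\
# Generated by iptables-save v1.3.5 on Thu Jul 5 12:19:04 2007
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [12325:2319098]
COMMIT
"""

if __name__ == "__main__":
    for chain, pol in parse_policies(SAMPLE)["filter"].items():
        print(f"{chain:8} {pol.target:6} {pol.packets} pkts / {pol.bytes} bytes")
```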

nomb 11-07-2007 07:00 PM

Gotcha, that's where I was a little confused.
Although, that would be awesome if it could replicate the packets...

*starts scheming*

:D

nomb
