I am currently setting up a fedora c2 box to perform routing, the box can communicate to the external and the internal networks. the clients on the internal cannot get internet access. i have added iptable entries (as seen below) i Want to remove all the rules and just get the internal machines setup with internet connectivity...then i can start adding more specific rules

My main problem is that wen i run the iptables -F (to flush entries) they still remain in the iptables file?? No doubt i am missing sumthin...but what?

/etc/sysconfig/iptables
*mangle
:PREROUTING ACCEPT [167405:23043570]
:INPUT ACCEPT [10911:2766774]
:FORWARD ACCEPT [27696:1644743]
:OUTPUT ACCEPT [7381:586217]
:POSTROUTING ACCEPT [34850:2218884]
COMMIT
# Completed on Fri Dec 10 11:35:23 2004
# Generated by iptables-save v1.2.9 on Fri Dec 10 11:35:23 2004
*filter
:INPUT DROP [3175:1096675]
:FORWARD ACCEPT [27569:1639551]
:OUTPUT ACCEPT [7281:579333]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ! eth0 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -m state --state INVALID,NEW -j DROP
-A FORWARD -i eth0 -o eth0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -m state --state INVALID,NEW -j DROP
COMMIT
# Completed on Fri Dec 10 11:35:23 2004
# Generated by iptables-save v1.2.9 on Fri Dec 10 11:35:23 2004
*nat
:PREROUTING ACCEPT [184963:25023615]
:POSTROUTING ACCEPT [58:4227]
:OUTPUT ACCEPT [72:5375]
-A POSTROUTING -o eth0 -j SNAT --to-source 10.61.0.3
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT



Thanks in advance for any help

The /etc/sysconfig/iptables file is the default rule set. When iptables service is started these rules are loaded. The file will not reflect any manual changes via the command line or script unless they are saved:

service iptables save

You can also see the current rules via the command

iptables -L