TC-6110 Linux User's Manual  Managing Communications 
List current rule chains for a target table, or for all tables 
The full command for listing rule chains is as follows: 
MOXA:~# iptables [-t table, or multiple, tables,…] [-L chain] [-n] 
Command Arguments: 
  -t: Table to manipulate (default: ‘filter’); available args are filter, nat, mangle, raw, and security 
  -L: Indicates a chain to be listed. If no chain is selected, all chains are listed. 
  -n: Returns the numeric output of addresses and ports: e.g. TCP and UDP ports are printed as numbers, rather than names. This also saves execution time by preventing iptables from performing DNS lookups.
WARNING 
Simple commands listing iptables NAT or filter rules will autoload selected kernel modules, including the connection tracking (conntrack) and filter (iptable_filter) modules. On high-capacity production servers, these modules easily overload and bring the networking system down. Whenever a list command is issued, check the message buffer (dmesg) to see if drivers have been auto-loaded, and what they are. For more information, see http://backstage.soundcloud.com/2012/08/shoot-yourself-in-the-foot-with-iptables-and-kmod-auto-loading/.
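The check described in the warning above can be scripted. This is an added example, not part of the Moxa manual: it compares two snapshots of /proc/modules taken around a list command, in addition to showing the tail of dmesg. The function names new_modules and audit_list are hypothetical, and audit_list assumes it is run as root on a kernel that exposes /proc/modules.

```shell
#!/bin/sh
# Added example (not from the manual): detect kernel modules that were
# auto-loaded by an iptables list command.

# new_modules BEFORE AFTER
# Both arguments are files in /proc/modules format (module name in column 1).
# Prints, sorted, the names present in AFTER but absent from BEFORE.
new_modules() {
    # FILENAME is compared explicitly so that an empty BEFORE file is handled.
    awk 'FILENAME == ARGV[1] { seen[$1] = 1; next }
         !($1 in seen)       { print $1 }' "$1" "$2" | sort
}

# audit_list [TABLE]
# Snapshots /proc/modules, lists TABLE numerically, snapshots again and
# reports any module that appeared in between. Returns 1 if modules were
# loaded, otherwise the exit status of iptables.
audit_list() {
    al_table=${1:-filter}
    al_before=$(mktemp) || return 1
    al_after=$(mktemp) || { rm -f "$al_before"; return 1; }

    cat /proc/modules > "$al_before"
    iptables -t "$al_table" -L -n > /dev/null
    al_status=$?
    cat /proc/modules > "$al_after"

    al_loaded=$(new_modules "$al_before" "$al_after")
    rm -f "$al_before" "$al_after"

    if [ -n "$al_loaded" ]; then
        echo "iptables -t $al_table -L -n auto-loaded these modules:"
        echo "$al_loaded" | sed 's/^/  /'
        echo "Last kernel messages (dmesg):"
        dmesg | tail -n 20
        return 1
    fi
    echo "No modules were auto-loaded by iptables -t $al_table -L -n"
    return "$al_status"
}
```

Run audit_list nat on a test unit before issuing list commands on a production system, so that the modules a listing pulls in are known in advance.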
Flush a current rule chain, or delete a user-specified chain   
The full command to flush rule chains is as follows: 
MOXA:~# iptables [-t table, or tables] [-FXZ] 
Command Arguments: 
  -t: Table to manipulate; choices are filter, nat, mangle, raw, and security. Defaults to filter. 
  -F: Flush the selected chain (if no chains are specified, this flushes all the chains in the table) 
  -X: Delete the specified user-defined chain (chain must be empty and all references to the chain must be deleted first); if no argument is given, all non-built-in chains will be deleted 
WARNING 
The command moxa@MOXA:~# iptables -F will flush all iptables rule chains from the kernel, permanently deleting the firewall and fully exposing the computer to the open Internet. You should save any firewall rules you configure in a file that you can use to conveniently reload them, in the event that they are flushed. Before flushing any rule chains, first make sure you have saved your configuration in an independent file that may be conveniently uploaded to Netfilter. The following command will save all of the current iptables rules to /etc/sysconfig/iptables.save: 
moxa@MOXA:~# /sbin/service iptables save   
Zero-out the packet and byte counters for a rule chain 
Zeroing the counters is sometimes useful when monitoring firewall activity for analysis. When used in combination with the list argument, the zero argument will give a precise measurement of the number of packets that have been processed since the last measurement, for all chains, a given chain, or even a given rule within a chain. The full command to list and zero the counters is as follows: 
MOXA:~# iptables -L -Z -n [chain [rulenum]] 
Command Arguments: 
  -Z: Set the packet and byte counters to zero in all chains, for only a given chain, or only a rule in a chain 
Delete a User-Generated Chain 
This command deletes a specified user-defined chain.   
MOXA:~# iptables -X [chain] 










