iptables on FC11

Tim ignored_mailbox at yahoo.com.au
Wed Oct 14 08:39:29 UTC 2009


On Tue, 2009-10-13 at 22:21 +0200, paul van der meij wrote:
> I was misled by an internet suggestion that nmap was a good tool to
> check iptables configuration, but that is not true.

Depends on how you're using it...  It's commonly used on one computer to
probe another computer.  If you try to run it on the same machine that
you want to probe, that might give you some peculiar results.

> iptables -L gives the correct information

nmap tells you what it finds, iptables -L tells you how it's configured.
It's easy enough to have conflicting iptables rules, or additional rules
that modify prior ones.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
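
[Added example, not part of the original message or of any project's code.] A small first-match evaluator over a constructed `iptables -S INPUT` ruleset shows how a later rule can be shadowed by an earlier one, and how a probe arriving on loopback can get a different answer from one arriving from another host. Assumptions: the ruleset, the interface name `eth0`, the documentation-range addresses and the helper names are all constructed for illustration.

```python
import ipaddress
import shlex

# Constructed ruleset in `iptables -S INPUT` format (not from the original post).
RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
"""

def parse(text):
    """Return (default policy, [option dict per -A rule, in chain order])."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["-P"]:
            policy = tok[2]
        elif tok[:1] == ["-A"]:
            # Every option in this sample takes one argument; "!" negation is not handled.
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def matches(opts, pkt):
    """True if the packet satisfies every match the rule specifies."""
    return (opts.get("-i", pkt["iface"]) == pkt["iface"]
            and opts.get("-p", pkt["proto"]) == pkt["proto"]
            and int(opts.get("--dport", pkt["dport"])) == pkt["dport"]
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")))

def verdict(text, pkt):
    """First matching rule decides; return (target, rule number) or (policy, None)."""
    policy, rules = parse(text)
    for num, opts in enumerate(rules, 1):
        if matches(opts, pkt):
            return opts["-j"], num
    return policy, None

def probe(iface, src, dport):
    """Evaluate one hypothetical TCP probe against the constructed RULES."""
    return verdict(RULES, {"iface": iface, "src": src, "proto": "tcp", "dport": dport})

if __name__ == "__main__":
    for args in [("eth0", "203.0.113.5", 22), ("eth0", "203.0.113.5", 80),
                 ("eth0", "192.0.2.10", 80), ("eth0", "203.0.113.5", 3306),
                 ("lo", "127.0.0.1", 3306)]:
        print(args, "->", probe(*args))
```

Rule 3 (the DROP for port 22) is listed in the configuration but never decides a packet, and port 3306 is accepted on `lo` while the same port falls through to the DROP policy on `eth0`.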





