A simple piece of information. To flush (erase) the rules in iptables, use this command (with root privileges):
#iptables -F
But then I just found out that the command above only affects the filter part. As you can see, iptables consists of 2 sections:
#iptables-save (use this command to see it)
# Generated by iptables-save v1.4.4 on Thu Feb 10 15:43:25 2011
*nat
:PREROUTING ACCEPT [16484:1765483]
:POSTROUTING ACCEPT [21634:1739118]
:OUTPUT ACCEPT [11021:996796]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Thu Feb 10 15:43:25 2011
# Generated by iptables-save v1.4.4 on Thu Feb 10 15:43:25 2011
*filter
:INPUT ACCEPT [404762:258985209]
:FORWARD ACCEPT [21370:2410334]
:OUTPUT ACCEPT [425653:290069937]
COMMIT
# Completed on Thu Feb 10 15:43:25 2011
There are a *nat section and a *filter section.
iptables -F only affects the *filter section, because without the -t option the command operates on the filter table. If you want to erase the *nat section, use this command:
#iptables -t nat -F
That’s it.
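
The same check generalised, as an added example that is not part of the original post: the shell functions below read iptables-save output, count the rules left in every table (so also tables such as mangle or raw, which the dump above does not show), and print the flush command for each table that still holds rules. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read iptables-save output on stdin; print "<table> <rule count>" per table.
count_rules_per_table() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF dumps
        /^\*/ {                                 # table header: "*nat", "*filter", ...
            table = substr($0, 2)
            if (!(table in count)) { order[++n] = table; count[table] = 0 }
            next
        }
        /^-A / { if (table != "") count[table]++ }   # one appended rule
        /^COMMIT$/ { table = "" }               # end of this table
        END { for (i = 1; i <= n; i++) print order[i], count[order[i]] }
    '
}

# Print the flush command for every table that still holds rules.
flush_commands() {
    count_rules_per_table | awk '$2 > 0 { print "iptables -t " $1 " -F" }'
}

# Constructed sample: the state after a plain "iptables -F" on the host above.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# On a live host, run as root: iptables-save | flush_commands
sample_dump | flush_commands    # prints: iptables -t nat -F
```

Note that -F only removes rules: chain policies and user-defined chains stay as they are in every table.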