On Tuesday 15 July 2008 16:57, nate wrote:
(-A) Appends the new rule at the end of the chain.
(-I) will insert it at the beginning when no line number is given.
Man iptables for this information
I read the man page and it didn't make sense, I guess because my rules aren't set up the standard way; I have no idea what line number my rules are at. My firewall scripts call iptables explicitly, and in some cases the rules are dynamic. Just adapted the same scripts over the years from ipfwadm to ipchains to iptables.
While a lot of people use scripts to set up their firewalls, I cannot understand why they do not commit them to the normal config file and use the normal setup to start/reset/stop their firewall. And I have a reason for saying this.
If you use the system way to start and stop your firewall and use a script to set up/test new settings, you could save yourself a lot of headaches if you mess something up in the script and it stops working. You simply restart the firewall and the original rules are applied from the last time you saved them.
But everyone has their own way of doing things. What is easy for one seems like a daunting task.
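
Added example, not part of the original thread: a shell sketch of the test-then-roll-back workflow described above. It snapshots the live ruleset with `iptables-save` before running a candidate firewall script and puts the snapshot back with `iptables-restore` if the script fails or a caller-supplied check does not pass. The function name `try_rules`, the `IPT_SAVE`/`IPT_RESTORE` variables and the script path in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): try a candidate firewall script and
# roll back to the previous ruleset if it fails or is not confirmed.
# IPT_SAVE / IPT_RESTORE are hypothetical override points so the logic can
# be exercised without root; by default they are the real tools.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# try_rules SCRIPT CONFIRM_CMD
#   SCRIPT       firewall script that calls iptables (-A / -I ...) directly
#   CONFIRM_CMD  command that exits 0 only if the new rules are acceptable,
#                e.g. a connectivity check run after the rules are applied
# Returns 0 = new rules kept, 1 = rolled back, 2 = snapshot/rollback failed.
try_rules() {
    script=$1
    confirm=$2

    # Snapshot the ruleset that is live right now.
    snap=$(mktemp) || return 2
    if ! "$IPT_SAVE" > "$snap"; then
        rm -f "$snap"
        return 2
    fi

    # Apply the candidate rules, then ask the check whether to keep them.
    if sh "$script" && $confirm; then
        rm -f "$snap"
        return 0
    fi

    # Script failed or the check said no: restore the snapshot.
    if "$IPT_RESTORE" < "$snap"; then
        rm -f "$snap"
        return 1
    fi
    echo "rollback failed; snapshot kept at $snap" >&2
    return 2
}

# Usage (as root; the script path is a placeholder):
#   try_rules /path/to/firewall-script.sh "ping -c 1 -W 2 192.0.2.1"
# To see where existing rules sit before using -I with a rule number:
#   iptables -L INPUT -n --line-numbers
```

Run it from a console or an out-of-band session when possible, since a check that depends on the network path being tested can itself be cut off by a bad rule.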