On Tuesday 15 July 2008 14:43, nate wrote:
Try to insert the rule (-I) instead of append (-A). I recall encountering weirdness between using the two different methods for adding a rule. I don't know why, but it seems to make a difference in some cases. The man page doesn't make it clear to me what the difference is and why it (might) cause a change of behavior.
(-A) Appends the new rule at the end of the chain.
(-I) will insert it at the beginning when no line number is given.
Man iptables for this information
-A, --append chain rule-specification
       Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

-I, --insert chain [rulenum] rule-specification
       Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified.
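
Added example (not part of the original message, and not iptables code): iptables checks a chain's rules from top to bottom and the first matching rule with a terminating target (ACCEPT, DROP, REJECT) decides the packet, so the position where -A or -I places a rule can change the outcome. The Python model below uses a constructed ruleset ending in a catch-all REJECT; the `Chain` class, the rule fields and the sample packet are assumptions made for this illustration.

```python
"""Toy model of one iptables chain: first matching terminating rule wins."""

class Chain:
    def __init__(self, policy="ACCEPT"):
        self.policy = policy      # used only when no rule matches
        self.rules = []           # ordered list of (match_dict, target)

    def append(self, match, target):
        # Models: iptables -A CHAIN ...  (rule goes to the end)
        self.rules.append((match, target))

    def insert(self, match, target, rulenum=1):
        # Models: iptables -I CHAIN [rulenum] ...  (default rulenum 1 = head)
        if not 1 <= rulenum <= len(self.rules) + 1:
            raise ValueError("rule number out of range")
        self.rules.insert(rulenum - 1, (match, target))

    def verdict(self, packet):
        # Walk the rules in order; an empty match dict matches every packet.
        for match, target in self.rules:
            if all(packet.get(k) == v for k, v in match.items()):
                return target
        return self.policy

def build_base():
    # Constructed sample ruleset that ends in a catch-all REJECT.
    chain = Chain()
    chain.append({"state": "ESTABLISHED"}, "ACCEPT")
    chain.append({"proto": "tcp", "dport": 22}, "ACCEPT")
    chain.append({}, "REJECT")
    return chain

NEW_RULE = ({"proto": "tcp", "dport": 8080}, "ACCEPT")   # rule being added
PACKET = {"proto": "tcp", "dport": 8080, "state": "NEW"}  # constructed packet

def with_append():
    chain = build_base()
    chain.append(*NEW_RULE)
    return chain

def with_insert(rulenum=1):
    chain = build_base()
    chain.insert(*NEW_RULE, rulenum=rulenum)
    return chain

if __name__ == "__main__":
    print("-A   :", with_append().verdict(PACKET))    # lands after REJECT
    print("-I   :", with_insert().verdict(PACKET))    # lands at the head
    print("-I 3 :", with_insert(3).verdict(PACKET))   # just before REJECT
    print("-I 4 :", with_insert(4).verdict(PACKET))   # same position as -A
```

On a live system, `iptables -L --line-numbers` shows where a rule actually landed relative to any catch-all rule.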