Robert Spangler wrote:
(-A) Appends the new rule at the end of the chain.
(-I) will insert it at the beginning when no line number is given.
Man iptables for this information
I read the man page and it didn't make sense I guess because my rules aren't setup the standard way, I have no idea what line number my rules are at. My firewall scripts call iptables explicitly, and in some cases the rules are dynamic. Just adapted the same scripts over the years from ipfwadm to ipchains to iptables.
in any case it doesn't matter, packet filter is more friendly for me.
nate