[CentOS] Help with iptables rule for blocking UDP port 53

Robert Spangler mlists at zoominternet.net
Tue Jul 15 20:46:56 UTC 2008


On Tuesday 15 July 2008 14:43, nate wrote:

>  Try to insert the rule (-I) instead of append (-A). I recall encountering
>  weirdness between using the two different methods for adding a rule.
>  I don't know why, but it seems to make a difference in some cases.
>  The man page doesn't make it clear to me what the difference is and why
>  it (might) cause a change of behavior.

(-A) Appends the new rule at the end of the chain.

(-I) will insert it at the beginning when no line number is given.

Man iptables for this information

       -A, --append chain rule-specification
              Append one or more rules to the end of the selected chain.
              When the source and/or destination names resolve to more than
              one address, a rule will be added for each possible address
              combination.

       -I, --insert chain [rulenum] rule-specification
              Insert one or more rules in the selected chain as the given
              rule number. So, if the rule number is 1, the rule or rules
              are inserted at the head of the chain. This is also the
              default if no rule number is specified.


-- 

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org
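
Why the position of a rule changes the outcome, as an added example that is not part of the original post: a chain is walked top to bottom and the first matching rule with a terminating target decides, so a DROP for UDP port 53 appended after a broader ACCEPT is never reached. The `Rule` and `Chain` classes and the sample ruleset are constructed for illustration and model only protocol and destination port.

```python
# Added example: a minimal model of first-match evaluation in one chain.
# Rule, Chain and the sample ruleset are constructed, not real iptables state.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in (None, proto) and self.dport in (None, dport)


class Chain:
    def __init__(self, policy: str = "ACCEPT"):
        self.policy = policy
        self.rules = []

    def append(self, rule: Rule) -> None:
        """Like -A: the rule goes to the end of the chain."""
        self.rules.append(rule)

    def insert(self, rule: Rule, rulenum: int = 1) -> None:
        """Like -I: the rule becomes number rulenum (1 = head, the default)."""
        if not 1 <= rulenum <= len(self.rules) + 1:
            raise ValueError("rule number out of range")
        self.rules.insert(rulenum - 1, rule)

    def verdict(self, proto: str, dport: int) -> str:
        """Walk the chain in order; the first matching rule decides."""
        for rule in self.rules:
            if rule.matches(proto, dport):
                return rule.target
        return self.policy  # nothing matched: the chain policy applies


def sample_chain() -> Chain:
    # Constructed ruleset containing an early, broad "accept all UDP" rule.
    chain = Chain(policy="DROP")
    chain.append(Rule("ACCEPT", proto="tcp", dport=22))
    chain.append(Rule("ACCEPT", proto="udp"))
    return chain


BLOCK_DNS = Rule("DROP", proto="udp", dport=53)  # -p udp --dport 53 -j DROP
```

Appending `BLOCK_DNS` to `sample_chain()` leaves the verdict for UDP port 53 at ACCEPT, while inserting it (at the head, or at rule number 2, ahead of the broad UDP rule) yields DROP.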


