On May 13, 2011, at 2:32 PM, Jeroen van Aart wrote:

> Jeroen van Aart wrote:
>> -I FORWARD -i eth0 -s 2001:db8::/64 -j ACCEPT
>> -I FORWARD -i eth1 -d 2001:db8::/64 -j ACCEPT
>
> Just in case if anyone'd be using it as an example. It's a good idea to make
> your rules more restrictive.
>
> Something like:
> -I FORWARD -j DROP
> -I FORWARD -s 2001:db8::/64 -j ACCEPT
> -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>
I thought iptables processed rules in order until it found a match. In such a case, wouldn't you want those in the reverse order?

Owen
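
The ordering question in this thread, worked through as an added example (not part of either message): a small Python model of the FORWARD chain that relies only on the documented behaviour that `-I` without a rule number inserts at position 1, `-A` appends, and the first matching rule with a terminating target decides. The function names `build_chain` and `verdict` and the test packets are constructed for illustration.

```python
import ipaddress

# Rules from the quoted message, in the order the commands are issued.
COMMANDS = [
    "-I FORWARD -j DROP",
    "-I FORWARD -s 2001:db8::/64 -j ACCEPT",
    "-I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT",
]

def build_chain(commands):
    """Model -I (no rule number: insert at position 1) and -A (append)."""
    chain = []
    for cmd in commands:
        tok = cmd.split()
        rule = {"src": None, "states": None, "target": None}
        i = 2  # tok[0] is the operation, tok[1] the chain name
        while i < len(tok):
            if tok[i] == "-s":
                rule["src"] = ipaddress.ip_network(tok[i + 1])
            elif tok[i] == "--state":
                rule["states"] = set(tok[i + 1].split(","))
            elif tok[i] == "-j":
                rule["target"] = tok[i + 1]
            elif tok[i] != "-m":  # "-m state" only loads the match module
                raise ValueError(f"unsupported option: {tok[i]}")
            i += 2
        if tok[0] == "-I":
            chain.insert(0, rule)   # each -I lands above the previous one
        elif tok[0] == "-A":
            chain.append(rule)
        else:
            raise ValueError(f"unsupported operation: {tok[0]}")
    return chain

def verdict(chain, src, state, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    addr = ipaddress.ip_address(src)
    for rule in chain:
        if rule["src"] is not None and addr not in rule["src"]:
            continue
        if rule["states"] is not None and state not in rule["states"]:
            continue
        return rule["target"]
    return policy

if __name__ == "__main__":
    inserted = build_chain(COMMANDS)
    appended = build_chain([c.replace("-I", "-A", 1) for c in COMMANDS])
    for name, chain in (("-I", inserted), ("-A", appended)):
        # Constructed packet: new connection from inside the /64
        print(name, [r["target"] for r in chain], verdict(chain, "2001:db8::10", "NEW"))
```

Issued with `-I`, the chain ends up as state ACCEPT, source ACCEPT, DROP; the same three lines issued with `-A` put DROP first and it matches every packet.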