On May 13, 2011, at 3:33 PM, Jeroen van Aart wrote: > Owen DeLong wrote: >> On May 13, 2011, at 2:32 PM, Jeroen van Aart wrote: > >>> -I FORWARD -j DROP >>> -I FORWARD -s 2001:db8::/64 -j ACCEPT >>> -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT >>> >> I thought iptables processed rules in order until it found a match. In such >> a case, wouldn't >> you want those in the reverse order? > > I think hat's the case with -A, but with -I the above is the right order. Or > at least it works here. >
DOH! Arcane syntax failure on the part of my brain's parser. Of course if you are Inserting rather than Appending. Owen