Iptables – How to PREPEND rules rather than APPEND using iptables

firewalliptablesnetworking

Pretty basic question: how to PREPEND rules on IPTABLES rather than to APPEND?

I have DROP statements at the bottom of my rules. I have a software to add new rules but adding rules after DROP statements isn't good. Every time I want to add a new rule, I have to flush the table (which is inefficient).

Is there a way to prepend a rule i.e., add a rule to the top of the table rather than the bottom?

Many thanks.

Best Answer

Use the -I switch:

sudo iptables -I INPUT 1 -i lo -j ACCEPT

This would insert a rule at position #1 in the INPUT chain.

Related Solutions

Ssh – iptables rules to block ssh remote forwarded ports

Would it not be easier to switch off ssh forwarding on the ssh server? Just change AllowTcpForwarding from yes to no in your /etc/ssh/sshd_config. If this doesn't suit, you could try something along the lines of

iptables -A OUTPUT -o eth1 -p tcp --cmd-owner "sshd" -j DROP

Linux – How to cleanly and silently reload iptables rules

Have you tried loading your new rules with the iptables-restore command? This is in theory an atomic operation, which may take care of most of your issues. This does require that you write your rules in the format used by iptables-save.

Best Answer

Related Solutions

Ssh – iptables rules to block ssh remote forwarded ports

Linux – How to cleanly and silently reload iptables rules

Related Topic