Re: iptables -A or iptables -I?

To: ifpadmin@uni-bonn.de
Cc: debian-firewall@lists.debian.org
Subject: Re: iptables -A or iptables -I?
From: Juan Carlos Inostroza <jci@tux.cl>
Date: Tue, 19 Oct 2004 13:47:32 -0300
Message-id: <[🔎] 1098204452.3444.7.camel@canes.sc.eso.org>
In-reply-to: <[🔎] 417543EF.4070105@gmx.net>
References: <[🔎] 417543EF.4070105@gmx.net>

On Tue, 2004-10-19 at 18:42 +0200, Martin G.H. Minkler wrote:
> Alohá!
> 
> Just out of curiosity - which is faster (what kind of datastructure does 
> iptables use)?
> 
> a) iptables -A <chain> <rule>
> b) iptables -I <chain> 1 <rule>
> 
> Maybe this is rather a kernelspace question and should be directed to 
> that mailing list?

Iptables -I inserts the chain at the top of the rules.
Iptables -A adds it to the bottom of the rules.

so,

iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p tcp -j DROP
iptables -I INPUT -p udp -j DROP

is the same as

iptables -A INPUT -p udp -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p tcp -j DROP

Cheers!

-- 
Juan Carlos Inostroza O.
Registered Linux User #246002
jci@tux.cl - http://www.tux.cl - http://foros.tux.cl
Blogging for fun _and_ profit : http://jci.codemonkey.cl
"We are just packets in the Internet of Life" -- UserFriendly

Reply to:

Follow-Ups:
- Re: iptables -A or iptables -I?
  - From: "Martin G.H. Minkler" <dukeofnukem@gmx.net>

References:
- iptables -A or iptables -I?
  - From: "Martin G.H. Minkler" <dukeofnukem@gmx.net>

Prev by Date: iptables -A or iptables -I?
Next by Date: Re: iptables -A or iptables -I?
Previous by thread: iptables -A or iptables -I?
Next by thread: Re: iptables -A or iptables -I?
Index(es):
- Date
- Thread