Re: iptables -A or iptables -I?

To: debian-firewall@lists.debian.org
Subject: Re: iptables -A or iptables -I?
From: "Martin G.H. Minkler" <dukeofnukem@gmx.net>
Date: Tue, 19 Oct 2004 19:07:47 +0200
Message-id: <[🔎] 417549E3.8010702@gmx.net>
Reply-to: ifpadmin@uni-bonn.de
In-reply-to: <[🔎] 1098204452.3444.7.camel@canes.sc.eso.org>
References: <[🔎] 417543EF.4070105@gmx.net> <[🔎] 1098204452.3444.7.camel@canes.sc.eso.org>

Juan Carlos Inostroza wrote:


iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p tcp -j DROP
iptables -I INPUT -p udp -j DROP

is the same as

iptables -A INPUT -p udp -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p tcp -j DROP

The effect certainly is, I was just wondering how the appendage orinsertion of another rule worked 'under the hood'.

The background to my question is a 1.4MB IP blacklist I have to block. Itraverse so that only incoming NEW from $DEV_INET is passing that chain,but appending the ruleset (i.e. at boottime) takes roughly 30min.

So I was wondering whether inserting might be quicker :-)

Martin

Reply to:

Follow-Ups:
- Re: iptables -A or iptables -I?
  - From: martin f krafft <madduck@debian.org>
- Re: iptables -A or iptables -I?
  - From: Juan Carlos Inostroza <jci@tux.cl>

References:
- iptables -A or iptables -I?
  - From: "Martin G.H. Minkler" <dukeofnukem@gmx.net>
- Re: iptables -A or iptables -I?
  - From: Juan Carlos Inostroza <jci@tux.cl>

Prev by Date: Re: iptables -A or iptables -I?
Next by Date: Re: iptables -A or iptables -I?
Previous by thread: Re: iptables -A or iptables -I?
Next by thread: Re: iptables -A or iptables -I?
Index(es):
- Date
- Thread