franck wrote: [merge rules]
It is not that important, I just wondered whether it was possible or not. My file would have been easier to read, that is it.
If you want a file easier to read, my advice is that you group rules which have common matches into user-defined chains. For instance:

    iptables -N pop3_out_request
    iptables -A OUTPUT -o eth0 -p tcp --dport 110 --sport $UNPRIVPORTS \
        -m state --state NEW,ESTABLISHED -j pop3_out_request
    iptables -A pop3_out_request -d pop.mail.yahoo.co.uk -j ACCEPT
    iptables -A pop3_out_request -d pop.1and1.fr -j ACCEPT

    iptables -N pop3_in_reply
    iptables -A INPUT -i eth0 -p tcp --sport 110 --dport $UNPRIVPORTS \
        -m state --state ESTABLISHED -j pop3_in_reply
    iptables -A pop3_in_reply -s pop.mail.yahoo.co.uk -j ACCEPT
    iptables -A pop3_in_reply -s pop.1and1.fr -j ACCEPT

It does not make less rules, but simpler rules.