June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
2.18. Inserting Firewall Rules
Problem
Rather than appending a rule to a chain, you want to insert or replace one elsewhere in the chain.
Solution
Instead of the -A option, use -I to insert or -R to replace. You’ll need to know the numeric position, within the existing rules, of the new rule. For instance, to insert a new rule in the fourth position in the chain:
# iptables -Ichain4...specification...# ipchains -Ichain4...specification...
To replace the second rule in a chain:
# iptables -Rchain2...specification...# ipchains -Rchain2...specification...
Discussion
When you insert a rule at position N in a chain, the old rule N becomes rule N+1, rule N+1 becomes rule N+2, and so on. To see the rules in a chain in order, so you can determine the right numeric offset, list the chain with -L. [Recipe 2.16]
See Also
iptables(8), ipchains(8).