[140578] in North American Network Operators' Group
Re: IPv6 gateway, was: Re: IPv6 foot-dragging
daemon@ATHENA.MIT.EDU (Jeroen van Aart)
Fri May 13 18:36:25 2011
Date: Fri, 13 May 2011 15:33:04 -0700
From: Jeroen van Aart <jeroen@mompl.net>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <EBF92A02-B7E3-457F-AC5A-87DB19347612@delong.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Owen DeLong wrote:
> On May 13, 2011, at 2:32 PM, Jeroen van Aart wrote:
>> -I FORWARD -j DROP
>> -I FORWARD -s 2001:db8::/64 -j ACCEPT
>> -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>>
>
> I thought iptables processed rules in order until it found a match. In such a case, wouldn't
> you want those in the reverse order?
I think that's the case with -A, but with -I the above is the right
order. Or at least it works here.
--
http://goldmark.org/jeff/stupid-disclaimers/
http://linuxmafia.com/~rick/faq/plural-of-virus.html
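
Added example, not part of the original message: a small Python model of the ordering question discussed above. It loads the three quoted rule specs once with -I (no rule number, so each lands at position 1) and once with -A, then evaluates first-match-wins on sample packets. The parser covers only the options in the quoted rules; the packet addresses and the "POLICY" fall-through label are constructed for illustration.

```python
import ipaddress

# The three rule specs from the message, in the order they were typed.
SPECS = [
    "-j DROP",
    "-s 2001:db8::/64 -j ACCEPT",
    "-m state --state RELATED,ESTABLISHED -j ACCEPT",
]

def parse_rule(spec):
    """Parse the small subset of match options used in the message."""
    rule = {"text": spec, "src": None, "states": None, "target": None}
    words = spec.split()
    for opt, val in zip(words[0::2], words[1::2]):
        if opt == "-s":
            rule["src"] = ipaddress.ip_network(val)
        elif opt == "--state":
            rule["states"] = set(val.split(","))
        elif opt == "-j":
            rule["target"] = val
        elif opt != "-m":
            raise ValueError(f"unsupported option {opt}")
    return rule

def build_chain(op, specs):
    """-I with no rule number inserts at position 1; -A appends at the end."""
    chain = []
    for spec in specs:
        if op == "-I":
            chain.insert(0, parse_rule(spec))
        else:
            chain.append(parse_rule(spec))
    return chain

def verdict(chain, src, state):
    """Walk the chain top to bottom; the first matching rule decides."""
    addr = ipaddress.ip_address(src)
    for rule in chain:
        if rule["src"] is not None and addr not in rule["src"]:
            continue
        if rule["states"] is not None and state not in rule["states"]:
            continue
        return rule["target"]
    return "POLICY"  # nothing matched; the chain policy would apply

# Constructed sample packets: (source address, conntrack state).
PACKETS = [("2001:db8::10", "NEW"), ("2001:db8:ffff::1", "ESTABLISHED"),
           ("2001:db8:ffff::1", "NEW")]

if __name__ == "__main__":
    for op in ("-I", "-A"):
        chain = build_chain(op, SPECS)
        print(op, [r["text"] for r in chain], [verdict(chain, s, st) for s, st in PACKETS])
```

With -I the DROP rule ends up last and acts as a catch-all; with -A the same three lines put DROP first and it shadows both ACCEPT rules.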