[140579] in North American Network Operators' Group
Re: IPv6 gateway, was: Re: IPv6 foot-dragging
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri May 13 18:47:11 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4DCDB1A0.9030002@mompl.net>
Date: Fri, 13 May 2011 15:41:38 -0700
To: Jeroen van Aart <jeroen@mompl.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 13, 2011, at 3:33 PM, Jeroen van Aart wrote:
> Owen DeLong wrote:
>> On May 13, 2011, at 2:32 PM, Jeroen van Aart wrote:
>
>>> -I FORWARD -j DROP
>>> -I FORWARD -s 2001:db8::/64 -j ACCEPT
>>> -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>>>
>> I thought iptables processed rules in order until it found a match. In such a case, wouldn't
>> you want those in the reverse order?
>
> I think that's the case with -A, but with -I the above is the right order. Or at least it works here.
>
DOH! Arcane syntax failure on the part of my brain's parser.
Of course if you are Inserting rather than Appending.
Owen
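
An added illustration, not part of the original messages: a small Python model of the -I versus -A point settled above, applying the three quoted rules both ways and evaluating first-match verdicts. The function names, the simplified matcher (it understands only -s and --state) and the sample packets are assumptions constructed for this example.

```python
import ipaddress

# The three rule specs exactly as quoted in the thread, in the order typed.
RULES = [
    "FORWARD -j DROP",
    "FORWARD -s 2001:db8::/64 -j ACCEPT",
    "FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT",
]

def build_chain(op, rules=RULES):
    """Apply each rule in turn with -I (insert at head) or -A (append)."""
    chain = []
    for rule in rules:
        if op == "-I":
            chain.insert(0, rule)   # no rule number given: lands at position 1
        elif op == "-A":
            chain.append(rule)      # lands at the end of the chain
        else:
            raise ValueError(f"unsupported operation: {op}")
    return chain

def matches(rule, src, state):
    """Simplified matcher (assumption): only -s and --state are understood."""
    tokens = rule.split()
    if "-s" in tokens:
        net = ipaddress.ip_network(tokens[tokens.index("-s") + 1])
        if ipaddress.ip_address(src) not in net:
            return False
    if "--state" in tokens:
        if state not in tokens[tokens.index("--state") + 1].split(","):
            return False
    return True

def verdict(chain, src, state, policy="ACCEPT"):
    """The first matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, src, state):
            tokens = rule.split()
            return tokens[tokens.index("-j") + 1]
    return policy

if __name__ == "__main__":
    # Constructed sample packets: (source address, conntrack state).
    packets = [("2001:db8::10", "NEW"), ("2001:db8:ffff::1", "ESTABLISHED"),
               ("2001:db8:ffff::1", "NEW")]
    for op in ("-I", "-A"):
        chain = build_chain(op)
        print(op, chain)
        for src, state in packets:
            print("   ", src, state, "->", verdict(chain, src, state))
```

With -I the chain ends up in the reverse of the typed order, so the DROP rule is evaluated last; with -A the DROP rule sits first and every forwarded packet hits it.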