How to PREPEND rules rather than APPEND using iptables?

networking firewall iptables

Solution 1:

Use the -I switch:

sudo iptables -I INPUT 1 -i lo -j ACCEPT

This would insert a rule at position #1 in the INPUT chain.

Solution 2:

-I will insert. You're probably using -A to append.

You can also do iptables -I chain rulenum to insert a rule as number "rulenum" in chain "chain". -R chain rulenum can be used to replace a specific rule at number "rulenum" in chain "chain". iptables -L -n --line-numbers will show the rule numbers in the left-most column.

Solution 3:

To help with determining what line number to add the new rule, I use iptables-save to output the existing rules to the console.

For beginners I can also suggest a cheat card by using webmin administer your rules. It's very friendly and you can easily manually re-order rules in the list. It will also handle the 'slight' variations in redhat vs debian based implementations of iptables.

Related

Listen to UDP data on local port with netcat
xvda1 is 100% full, What is it? how to fix?
Disable a service from starting at all runlevels?
The perfect server room?
Rsync triggered Linux OOM killer on a single 50 GB file
How to read in N random characters from /dev/urandom?
In Bash, are wildcard expansions guaranteed to be in order?
What is the difference between a Source NAT, Destination NAT and Masquerading?
Multiple public keys for one user
IPTables only allow localhost access
What does * * * * * (five asterisks) in a cron file mean? [duplicate]
Apache 2 startup warning: NameVirtualHost *:80 has no VirtualHosts