On Tue, 2004-10-19 at 18:42 +0200, Martin G.H. Minkler wrote: > Aloh�! > > Just out of curiosity - which is faster (what kind of datastructure does > iptables use)? > > a) iptables -A <chain> <rule> > b) iptables -I <chain> 1 <rule> > > Maybe this is rather a kernelspace question and should be directed to > that mailing list?
Iptables -I inserts the chain at the top of the rules. Iptables -A adds it to the bottom of the rules. so, iptables -A INPUT -p icmp -j DROP iptables -A INPUT -p tcp -j DROP iptables -I INPUT -p udp -j DROP is the same as iptables -A INPUT -p udp -j DROP iptables -A INPUT -p icmp -j DROP iptables -A INPUT -p tcp -j DROP Cheers! -- Juan Carlos Inostroza O. Registered Linux User #246002 [EMAIL PROTECTED] - http://www.tux.cl - http://foros.tux.cl Blogging for fun _and_ profit : http://jci.codemonkey.cl "We are just packets in the Internet of Life" -- UserFriendly
