nanog mailing list archives
Re: IPv6 gateway, was: Re: IPv6 foot-dragging
From: Owen DeLong <owen () delong com>
Date: Fri, 13 May 2011 15:41:38 -0700
On May 13, 2011, at 3:33 PM, Jeroen van Aart wrote:
Owen DeLong wrote:On May 13, 2011, at 2:32 PM, Jeroen van Aart wrote:-I FORWARD -j DROP -I FORWARD -s 2001:db8::/64 -j ACCEPT -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPTI thought iptables processed rules in order until it found a match. In such a case, wouldn't you want those in the reverse order?I think hat's the case with -A, but with -I the above is the right order. Or at least it works here.
DOH! Arcane syntax failure on the part of my brain's parser. Of course if you are Inserting rather than Appending. Owen
Current thread:
- IPv6 gateway, was: Re: IPv6 foot-dragging Jeroen van Aart (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Jeroen van Aart (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Jeroen van Aart (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Owen DeLong (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Jeroen van Aart (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Owen DeLong (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Owen DeLong (May 13)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Todd Lyons (May 16)
- Re: IPv6 gateway, was: Re: IPv6 foot-dragging Erik Muller (May 17)