<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><br></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Lightner, Jeffrey" <JLightner@dsservices.com><br><b>To: </b>"Atlanta Linux Enthusiasts" <ale@ale.org><br><b>Sent: </b>Friday, August 26, 2016 8:58:02 AM<br><b>Subject: </b>Re: [ale] Easy way to add and delete iptables rules<br></blockquote></div><div data-marker="__QUOTED_TEXT__"><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;">Also the iptables-restore suggests you're editing your iptables file then using the restore to update memory.</blockquote><div>I only do this at boot.</div><div>fail2ban and miniupnpd have active rules when the firewall is running. </div><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><br><br>Instead you can use "iptables -I" to insert rules in your iptables in memory then use iptables-save to save to the file so you get the new rules on next restore.</blockquote><div><br></div><div>This would be a problem because that would restore nat rules at boot created by UPnP that are no longer valid. Maybe miniupnpd would see it and delete it. Not sure.</div><blockquote style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;" data-mce-style="border-left: 2px solid #1010FF; margin-left: 5px; padding-left: 5px; color: #000; font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><br>You can use "iptables -nL --line-numbers" to see existing rules and the lines they're on then specify the line number you wish to insert into with the -I flag.</blockquote><div><br></div><div>Yes, that I can do. List them, grok them, build a command, and execute it.</div><div><br data-mce-bogus="1"></div><div>My hope was that I can simply create a table for each kid and just add and delete with ease. If I need to list line numbers, parse it out, and do it that way I can do that too. I hesitate because I'm not sure that way is the "pest practice".</div><div><br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><br></div></div></body></html>