IPv6 gateway, was: Re: IPv6 foot-dragging
Jeroen van Aart
jeroen at mompl.net
Fri May 13 17:33:04 CDT 2011
Owen DeLong wrote:
> On May 13, 2011, at 2:32 PM, Jeroen van Aart wrote:
>> -I FORWARD -j DROP
>> -I FORWARD -s 2001:db8::/64 -j ACCEPT
>> -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> I thought iptables processed rules in order until it found a match. In such a case, wouldn't
> you want those in the reverse order?
I think hat's the case with -A, but with -I the above is the right
order. Or at least it works here.
More information about the NANOG