cowgill / spamhaus

A shell script that grabs the latest Spamhaus DROP List and adds it to iptables.

Prepend Spamhaus chain at top #1

Open andreaspollak opened 11 years ago

andreaspollak commented 11 years ago

Hi, I prefer to prepend the Spamhaus chain at the top (like fail2ban, ...) of iptables, instead of appending it at the bottom.

Lines 35-39:

# tie chain to input rules so it runs
$IPTABLES -I INPUT 1 -j $CHAIN

# don't allow this traffic through
$IPTABLES -I FORWARD 1 -j $CHAIN

mwgentile commented 9 years ago

Agreed. It doesn't do much good to have the rule placed below my explicit deny. Having a "place at top-of-ruleset" option would save the user a step.

volkan-k commented 9 years ago

You don't need to write the rule number (1); it is the default if you use "-I" instead of "-A".

-I, --insert chain [rulenum] rule-specification Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified.

The script is open source, and it allows you to "place at top-of-ruleset" by simply changing two "-A" characters to "-I"; but feel free to fork it on GitHub and amend it to your heart's content, so that it does exactly what you would have it do.
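The thread's point is that the jump to the Spamhaus chain only blocks anything if it sits above the broad ACCEPT rules, and that "-I" with no rule number already means "head of the chain". The snippet below is an added example, not code from cowgill/spamhaus: it hooks the chain at rule 1 of INPUT and FORWARD in a way that is safe to re-run (a jump found lower down is removed by rule number first, so repeated runs neither duplicate the rule nor leave it buried). CHAIN and IPTABLES are assumed variable names; set IPTABLES=echo for a dry run.

```shell
#!/bin/sh
# Added example (not part of cowgill/spamhaus). Assumes the chain named in
# $CHAIN already exists and is filled with DROP rules by the main script.
set -eu

IPTABLES="${IPTABLES:-iptables}"   # set to "echo" to print commands only
CHAIN="${CHAIN:-SPAMHAUS}"          # assumed chain name

# Print the rule number of the jump to $CHAIN inside built-in chain $1,
# or nothing if no such jump exists. Uses the "num target ..." listing.
jump_position() {
    "$IPTABLES" -L "$1" -n --line-numbers 2>/dev/null \
        | awk -v c="$CHAIN" '$2 == c { print $1; exit }'
}

# Ensure the jump to $CHAIN is rule 1 of built-in chain $1.
hook_at_head() {
    chain="$1"
    pos="$(jump_position "$chain")"
    if [ "$pos" = 1 ]; then
        return 0                           # already at the head, nothing to do
    fi
    if [ -n "$pos" ]; then
        "$IPTABLES" -D "$chain" "$pos"     # drop the misplaced copy by number
    fi
    "$IPTABLES" -I "$chain" -j "$CHAIN"    # no rulenum given: inserted as rule 1
}

# Hook both directions, as the original script does with INPUT and FORWARD.
hook_all() {
    for c in INPUT FORWARD; do
        hook_at_head "$c"
    done
}

# Apply only when invoked as "./hook.sh apply", so the file can also be sourced.
if [ "${1:-}" = "apply" ]; then
    hook_all
fi
```

Check the result with `iptables -L INPUT -n --line-numbers | head`; the Spamhaus jump should be rule 1, above any ACCEPT.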