April 4th, 2012, 03:16 PM
I have a script that is several hundred lines long full of iptables rules (I've spent way too much time on this, and had far too much fun testing it) but when I run the script, the rules go in wrong - that is, when I do...

iptables -vnL
The order (being that iptables starts at the top of the chain and works its way down) is out of order, but it's ordered properly in the script. Is there something I can do to fix this easily?

So, though the rules in the script are ordered properly, when I run the script the Jump to ACCEPTED is listed BEFORE the logging rules. Why is this?

April 4th, 2012, 03:20 PM
Another, aside question... How the heck do I change the default logging location of iptables? I don't want it logging to /var/log/syslog... I want it logging to /var/log/iptables.log

April 4th, 2012, 05:54 PM
You are using -I instead of -A to insert your rules. -I is an insert command, -A is append. Rules are being inserted at the beginning of every chain, instead of being appended to the end of the chain.

I'm not entirely sure if iptables allows you to change its logging location. However, you can use --log-level and --log-prefix to help format your log messages, and then use rsyslog rules to redirect all output into /var/log/iptables.log.
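
The two points in the answer above, the -I/-A ordering and the rsyslog redirect, as an added example (not the poster's script and not from the thread). The first function simulates how iptables lists a chain after a sequence of -A (append) and -I (insert, no position given) commands, so the reversal can be seen without touching a live firewall; the second prints an rsyslog filter that sends every kernel message containing a chosen --log-prefix to its own file. The prefix "IN: ", the log path and the file name /etc/rsyslog.d/10-iptables.conf are assumptions for illustration.

```sh
#!/bin/sh
# Added example: why "-I" reverses rule order, and how to route LOG lines
# to their own file with rsyslog. Nothing here runs iptables itself.

# simulate_chain reads rule lines on stdin, each of the form
#   A <rule>   (iptables -A CHAIN <rule>, appended at the bottom)
#   I <rule>   (iptables -I CHAIN <rule>, inserted at position 1, the top)
# and prints the chain in the order `iptables -vnL` would list it.
simulate_chain() {
    chain=""
    while read -r action rule; do
        case "$action" in
            A) # append: the new rule becomes the last one evaluated
               chain="${chain}${rule}
" ;;
            I) # insert: the new rule becomes the first one evaluated,
               # so a block of -I rules ends up in reverse script order
               chain="${rule}
${chain}" ;;
        esac
    done
    printf '%s' "$chain"
}

# rsyslog_rule PREFIX LOGFILE prints a filter for /etc/rsyslog.d/ that
# writes every message containing PREFIX (the string given to
# --log-prefix on the iptables LOG rule) to LOGFILE and discards it so it
# no longer reaches /var/log/syslog. On rsyslog older than 7 (e.g. the
# 5.x shipped with Ubuntu 12.04) replace "& stop" with "& ~".
rsyslog_rule() {
    printf ':msg, contains, "%s" %s\n& stop\n' "$1" "$2"
}

# Demonstration with a constructed two-rule block: LOG first, then ACCEPT.
echo "Script written with -I (ACCEPT ends up above LOG, so nothing is logged):"
printf 'I LOG --log-prefix "IN: "\nI ACCEPT\n' | simulate_chain
echo
echo "Same block written with -A (LOG is evaluated before ACCEPT):"
printf 'A LOG --log-prefix "IN: "\nA ACCEPT\n' | simulate_chain
echo
echo "rsyslog filter for the \"IN: \" prefix (save as /etc/rsyslog.d/10-iptables.conf):"
rsyslog_rule "IN: " /var/log/iptables.log
```

The filter must be listed before the rule that writes to /var/log/syslog (the 10- prefix in the file name gets it included first under the usual /etc/rsyslog.d ordering), and rsyslog has to be restarted after saving it. The prefix you match on must be the exact string passed to --log-prefix, including any trailing space.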

April 6th, 2012, 02:32 PM
You're absolutely right - I'm using -A in all rules except the block I posted and I cannot believe I missed that! Thanks for pointing it out.

Problem solved - that was indeed the issue for that set of rules.

April 6th, 2012, 03:46 PM
Your script looks very interesting and it looks like that you have actually invested a lot of time to that.
