Maybe I misread or summit I do not know about ARM.

Using FORWARD as an example, but

    iptables -L FORWARD -vn --line-numbers

then doing a

    iptables -D FORWARD <LINENUMBER>

(to remove (yes, there is a milliseconds delay before the match starts happening)) and

    iptables -I FORWARD <LINENUMBER> -m <SUMMIT> -j <SUMMIT>

No need to flush. You can even do the -I then the -D so you miss fewer pkts.

I must have got it wrong, too obvious from man iptables.

Happy Christmas, people of the Packets.

On Thu, 2005-12-22 at 14:55 -0500, Jody Shumaker wrote:
> The iptables list of rules is read top to bottom, what is the problem
> with this? I have my script flush the table, then add everything in
> the order I want it in. The only case this might be a problem is where
> you want to insert a rule at a specific spot in the order, without
> flushing the table and causing it to momentarily not exist. Right now
> I don't think that is possible.
>
> - Jody
>
> On 12/18/05, Marius Corici <coricim@xxxxxxxxx> wrote:
>     Hello
>
>     I have some rules inserted in the NAT table dual SNAT and DNAT
>     for a connection.
>     They use at some moment the same port of the outside network.
>
>     The problem I have is that the connection tracking in the
>     kernel checks first the oldest rule and then the newest one.
>     I use a system based on ARM XScale processor. Is that the
>     default behaviour and how can I change this behaviour?
>
>     Marius
>
>     _______________________________________________
>     LARTC mailing list
>     LARTC@xxxxxxxxxxxxxxx
>     http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
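
The insert-then-delete swap described in the reply at the top of this thread, as an added shell example that is not part of the original messages. The function names, the `IPT` dry-run variable and the sample rule are assumptions made for the illustration; `-R` is iptables' own single-command replace option, shown alongside for comparison.

```shell
#!/bin/sh
# Added example (not from the thread): replace rule N of a chain without
# flushing the chain. IPT defaults to a dry run that only prints the
# commands; set IPT=iptables (as root) to actually apply them.
IPT="${IPT:-echo iptables}"

# check_args LINENUM RULE-SPEC... : reject a non-numeric or zero line
# number and an empty rule specification before touching the ruleset.
check_args() {
    case $1 in
        ''|*[!0-9]*|0) echo "bad line number '$1'" >&2; return 2 ;;
    esac
    [ $# -gt 1 ] || { echo "empty rule spec" >&2; return 2; }
}

# swap_rule TABLE CHAIN LINENUM RULE-SPEC...
# Insert first, delete second, so there is never a moment with no rule.
swap_rule() {
    table=$1; chain=$2; num=$3; shift 3
    check_args "$num" "$@" || return 2
    # The new rule takes position N ...
    $IPT -t "$table" -I "$chain" "$num" "$@" || return 1
    # ... which pushes the old rule down to N+1, so delete it there,
    # not at N (deleting at N would remove the rule just inserted).
    $IPT -t "$table" -D "$chain" $((num + 1))
}

# replace_rule TABLE CHAIN LINENUM RULE-SPEC...
# Same result in one command using iptables' -R (replace) option.
replace_rule() {
    table=$1; chain=$2; num=$3; shift 3
    check_args "$num" "$@" || return 2
    $IPT -t "$table" -R "$chain" "$num" "$@"
}

# Constructed sample rule, dry run:
# swap_rule filter FORWARD 3 -p tcp --dport 22 -j ACCEPT
```

Check the current positions with `iptables -L FORWARD -vn --line-numbers` immediately before running either function, since line numbers shift whenever another process edits the chain.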