> While I agree with you that netfilter is easier to use and has more
> capabilities, I still can't believe that netfilter (iptables actually)
> doesn't have a way to identify rules uniquely (via an ID). So simple
> a feature, so powerful, and still iptables doesn't have this.
>
> And no, line numbers don't identify rules uniquely, they can change at
> any moment.

Yeah, I know this is pretty annoying. They are going to include the comment patch for this purpose, but it means you have to specify the ID.
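An added example (not from this thread) of what "you have to specify the ID" means in practice: tag each rule with `-m comment --comment` and treat the comment as the stable identifier, then locate or delete the rule by that tag instead of by line number. The `id:` naming convention, the `SAMPLE_RULES` ruleset (a constructed `iptables-save` listing) and the helper names are assumptions for illustration; the only iptables pieces relied on are the `comment` match and the fact that `iptables-save` emits one `-A` line per rule.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output. In real use, feed the
# helpers "$(iptables-save)" instead. The "id:" prefix is an assumed
# convention so that comments meant as identifiers stand out from free text.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -m comment --comment "id:lo-in" -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -m comment --comment "id:est" -j ACCEPT
-A INPUT -p tcp --dport 22 -m comment --comment "id:ssh-in" -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT'

# Print the rule line(s) whose comment is exactly "id:<ID>".
# The trailing quote in the pattern makes "ssh" not match "ssh-in".
find_rule_by_id() {
  rules="$1"; id="$2"
  printf '%s\n' "$rules" | grep -F -- "--comment \"id:$id\""
}

# Emit the iptables -D command that removes the rule carrying <ID>:
# iptables-save's "-A CHAIN spec" is exactly the spec -D needs.
delete_cmd_by_id() {
  rules="$1"; id="$2"
  find_rule_by_id "$rules" "$id" | sed 's/^-A /iptables -D /'
}

# How many rules carry <ID>. Anything other than 1 means the "unique ID"
# assumption is broken (0: nothing to act on, >1: ambiguous delete).
count_id() {
  printf '%s\n' "$1" | grep -c -F -- "--comment \"id:$2\"" || true
}

# Stand-alone demo: show the delete command for the ssh rule.
delete_cmd_by_id "$SAMPLE_RULES" ssh-in
```

The comment match needs the `xt_comment` module, and the comment is still just a string: nothing stops two rules from carrying the same `id:` tag, which is why `count_id` is checked before acting on a match. The rule without a comment (`--dport 80`) is exactly the case the quoted complaint is about, since it can only be addressed by its position.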