2009/7/16 Simion Onea <simionea@xxxxxxxxx>:
>
> In my opinion it is good practice. We have been using such a rule for
> some time. In our set of iptables rules we have these in the beginning:
>
> #------
.... snip long set of rules...
> The same rules can also be applied to FORWARD chain.
>

As a thought, could you add those to a custom table, say for the sake of example shared:

iptables -N shared
iptables -A shared <whatever>

then in the input chain and forward chains make the first rule a jump to shared.

This makes it easier to manage the 'common' rule set as you only need to change it at a single point rather than having to remember to change both occurrences...

--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
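The layout suggested in the reply above, as an added example that is not part of the original thread: the common rules are written once in the shared chain, INPUT and FORWARD each start with a jump to it, and a check over iptables-save style text confirms the jump really is the first rule in both chains. The two rules inside shared, the ACCEPT policies and the function names are constructed placeholders, since the real rule set was snipped from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Only the chain name "shared" comes from
# the post; rules, policies and function names are constructed placeholders.

# The common rules, written once (each line is what follows "-A shared").
common_rules() {
    cat <<'EOF'
-m conntrack --ctstate INVALID -j DROP
-p tcp ! --syn -m conntrack --ctstate NEW -j DROP
EOF
}

# Emit a filter table in iptables-restore format: define shared, then make
# the first rule of INPUT and FORWARD a jump to it.
gen_ruleset() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'      # placeholder policy
    echo ':FORWARD ACCEPT [0:0]'    # placeholder policy
    echo ':OUTPUT ACCEPT [0:0]'     # placeholder policy
    echo ':shared - [0:0]'
    common_rules | while IFS= read -r rule; do
        if [ -n "$rule" ]; then echo "-A shared $rule"; fi
    done
    for chain in INPUT FORWARD; do
        echo "-A $chain -j shared"
    done
    # per-chain rules for INPUT and FORWARD would follow here
    echo 'COMMIT'
}

# Read iptables-save / iptables-restore text on stdin. Succeeds only when the
# first filter-table rule of both INPUT and FORWARD is the jump to shared.
first_rule_is_jump() {
    awk -v target="shared" '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == "-A" &&
        ($2 == "INPUT" || $2 == "FORWARD") && !($2 in seen) {
            seen[$2] = 1
            if ($0 == ("-A " $2 " -j " target)) ok++
        }
        END { exit (ok == 2 ? 0 : 1) }
    '
}

# Runs without root: nothing is loaded into the kernel here.
gen_ruleset | first_rule_is_jump && echo "jump to shared is first in INPUT and FORWARD"
```

On a real host the generated text can be dry-run as root with `gen_ruleset | iptables-restore --test`, and the same check applied to the live rules with `iptables-save | first_rule_is_jump`.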