From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Joey"
Subject: iptables-save ?
Date: Wed, 22 Oct 2008 04:35:27 -0400
Message-ID: <002f01c93421$227ad450$67707cf0$@net>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
Content-Language: en-us
Sender: netfilter-owner@vger.kernel.org
List-ID:
Content-Type: text/plain; charset="us-ascii"
To: IPTables

Hello All,

I am considering writing my config out in an iptables-save format rather than my list which gets loaded in a perl script which takes a long time.

In researching the file format I see # which is a comment, but what is a : like the below lines?

Do I need these if I have my

-A INPUT -j CIDR-ASIAN
-A CIDR-ASIAN -s 58.14.0.0/255.254.0.0 -p tcp -j LOG --log-prefix "SPAM-BLOCK-CIDR-ASIAN"
-A CIDR-ASIAN -s 58.14.0.0/255.254.0.0 -p tcp -m tcp --dport 25 -j DROP

If I do need them, does the sequence matter of when I execute my

:CIDR-ASIAN - [0:0]

-vs- when I execute the above?

# Generated by iptables-save v1.2.11 on Wed Oct 22 04:14:00 2008
*filter
:INPUT ACCEPT [5420870:1818203807]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6422769:3043272788]
:CIDR-ASIAN - [0:0]
:CIDR-CZECH - [0:0]
:CIDR-DROP - [0:0]
:CIDR-IISG - [0:0]
:CIDR-INDIA-KOREA - [0:0]
:CIDR-POLAND - [0:0]
:CIDR-RUSSIA - [0:0]
:CIDR-TURKEY - [0:0]
:CIDR-UK - [0:0]
:fail2ban-postfix - [0:0]
:fail2ban-postfix-log - [0:0]

Thanks,
Joey
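
In iptables-save format a line of the form `:NAME POLICY [packets:bytes]` declares a chain (`-` is the policy of a user-defined chain), and iptables-restore needs that declaration before any rule appends to or jumps to the chain. The checker below is an added example, not part of the original post: it flags rules that use a chain before its `:` line and tables left without `COMMIT`. `check_ruleset`, `KNOWN_TARGETS` and the sample ruleset are names and data constructed for illustration.

```python
import re
import shlex

# Constructed sample in iptables-save layout (not the poster's full ruleset).
SAMPLE = """\
# Generated by hand for illustration
*filter
:INPUT ACCEPT [0:0]
:CIDR-ASIAN - [0:0]
-A INPUT -j CIDR-ASIAN
-A CIDR-ASIAN -s 58.14.0.0/255.254.0.0 -p tcp -m tcp --dport 25 -j DROP
COMMIT
"""

# Assumption: a small, non-exhaustive set of target names that are not chains.
KNOWN_TARGETS = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN", "QUEUE"}
CHAIN_DECL = re.compile(r"^:(\S+)\s+\S+\s+\[\d+:\d+\]$")

def check_ruleset(text):
    """Return a list of (line_number, message) problems found in the text."""
    problems, table, declared = [], None, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                  # blank line or comment
        if line.startswith("*"):
            table, declared = line[1:], set()         # new table: chains reset
        elif line == "COMMIT":
            table = None
        elif table is None:
            problems.append((no, "line outside a *table ... COMMIT block"))
        elif line.startswith(":"):
            m = CHAIN_DECL.match(line)
            if m:
                declared.add(m.group(1))              # ":NAME POLICY [pkts:bytes]"
            else:
                problems.append((no, "malformed chain declaration"))
        elif line.startswith("-A "):
            words = shlex.split(line)                 # keeps quoted --log-prefix whole
            if words[1] not in declared:
                problems.append((no, f"-A to undeclared chain {words[1]}"))
            for flag, target in zip(words, words[1:]):
                if flag in ("-j", "-g") and target not in declared | KNOWN_TARGETS:
                    problems.append((no, f"jump to undeclared chain {target}"))
    if table is not None:
        problems.append((no, f"table {table} has no COMMIT"))
    return problems

if __name__ == "__main__": print(check_ruleset(SAMPLE))
```

Other line types (for example rules with leading `[packets:bytes]` counters) are ignored by this checker rather than validated.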