But this way, I am sure that I overwrite another important rule. Now I need something that lists all INPUT rules by number on the screen.
Is /usr/sbin/iptables -L -nv what you need?
;-) Someone who explains to me why I can't just append rule 3,4,5,6 at the end of the INPUT rules (APPEND), instead I have to INSERT them? Is it because of rule 23 which cannot be overwritten? Would make sense to me. Then I better insert right before line 23, right?

Regards,
Mike

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW,RELATED,ESTABLISHED udp dpts:137:138
3    DROP       all  --  xxx.xxx.xxx.0/24     0.0.0.0/0
4    DROP       all  --  xxx.xxx.xxx.0/24     0.0.0.0/0
5    DROP       all  --  xxx.xxx.xxx.0/24     0.0.0.0/0
6    DROP       all  --  xxx.xxx.xxx.0/24     0.0.0.0/0
8    LOG        all  --  127.0.0.0/8          0.0.0.0/0            LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
9    LOG        all  --  0.0.0.0/0            127.0.0.0/8          LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
10   DROP       all  --  127.0.0.0/8          0.0.0.0/0
11   DROP       all  --  0.0.0.0/0            127.0.0.0/8
12   LOG        all  --  192.168.10.11        0.0.0.0/0            LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
13   DROP       all  --  192.168.10.11        0.0.0.0/0
14   LOG        all  --  xxx.xxx.xxx.xxx      0.0.0.0/0            LOG flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
15   DROP       all  --  xxx.xxx.xxx.xxx      0.0.0.0/0
16   input_ext  all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
17   input_int  all  --  0.0.0.0/0            192.168.10.11
18   DROP       all  --  0.0.0.0/0            192.168.10.255
19   DROP       all  --  0.0.0.0/0            255.255.255.255
20   LOG        all  --  0.0.0.0/0            xxx.xxx.xxx.xxx      LOG flags 6 level 4 prefix `SuSE-FW-NO_ACCESS_INT->FWEXT '
21   DROP       all  --  0.0.0.0/0            xxx.xxx.xxx.xxx
22   LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 6 level 4 prefix `SuSE-FW-UNALLOWED-TARGET '
23   DROP       all  --  0.0.0.0/0            0.0.0.0/0
24   REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:113 reject-with tcp-reset
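
On the append-versus-insert question: iptables walks a chain from the top and stops at the first matching rule whose target terminates (ACCEPT, DROP, REJECT), so anything placed after an unconditional DROP is never evaluated. The following is an added example, not part of the original posts: it parses a listing in `iptables -L INPUT -n -v --line-numbers` format and reports the first catch-all rule and the rules behind it. The sample ruleset, addresses and function names are constructed assumptions.

```python
# Constructed sample in `iptables -L INPUT -n -v --line-numbers` format
# (not the poster's ruleset; addresses are documentation ranges).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       10   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0
3        5   300 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:113 reject-with tcp-reset
5        0     0 DROP       all  --  *      *       198.51.100.0/24      0.0.0.0/0
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that end chain traversal
ANY_ADDR = "0.0.0.0/0"
ANY_PROTO = {"all", "0"}                  # "0" covers numeric protocol output

def parse_rules(listing):
    """Return one dict per numbered rule line of a -v listing."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 10 or not f[0].isdigit():
            continue  # chain header, column header or blank line
        rules.append({"num": int(f[0]), "target": f[3], "prot": f[4],
                      "in": f[6], "out": f[7], "src": f[8], "dst": f[9],
                      "extra": " ".join(f[10:])})
    return rules

def is_catch_all(rule):
    # Needs the -v columns: without them a rule bound to one interface
    # (rule 1 here, "lo") looks identical to a match-everything rule.
    return (rule["target"] in TERMINAL and rule["prot"] in ANY_PROTO
            and rule["in"] == "*" and rule["out"] == "*"
            and rule["src"] == ANY_ADDR and rule["dst"] == ANY_ADDR
            and not rule["extra"])

def first_catch_all(rules):
    """Number of the first rule that matches every packet, or None."""
    return next((r["num"] for r in rules if is_catch_all(r)), None)

def unreachable(rules):
    """Numbers of rules that sit behind the first catch-all rule."""
    stop = first_catch_all(rules)
    return [] if stop is None else [r["num"] for r in rules if r["num"] > stop]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("first catch-all rule:", first_catch_all(rules))
    print("never evaluated:", unreachable(rules))
```

A rule inserted with `iptables -I INPUT <n>`, where `<n>` is the number of the catch-all rule, lands directly in front of it and pushes it down by one.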