TIL: iptables
By making the firewall stateful and the first rule the typical
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
the vast majority of legitimate traffic to your server is
accepted after passing only that single rule.
That traffic doesn't need to traverse any other rules.
The netfilter-persistent
package from Debian is useful for saving and restoring rules.
When using the Ansible module to modify the system's iptables:
when reject-with is used, there is no need to add jump=reject,
because it will duplicate -j
for iptables and throw an error; when using !
for rules, use it with quotes: "!.."
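
The notes above combined into one playbook, as an added example that is not part of the original note. The host group, the port and the 203.0.113.0/24 admin network are assumptions. The module's ctstate option (conntrack match) stands in for -m state --state, and the handler assumes netfilter-persistent with its iptables plugin is installed.

```yaml
# Added example (constructed values): stateful INPUT chain via Ansible.
- name: Stateful INPUT chain managed with ansible.builtin.iptables
  hosts: debian_servers              # hypothetical inventory group
  become: true
  tasks:
    - name: Accept established/related traffic as the very first rule
      ansible.builtin.iptables:
        chain: INPUT
        action: insert
        rule_num: 1                  # keep this rule at the top of the chain
        ctstate: [ESTABLISHED, RELATED]
        jump: ACCEPT
      notify: Save rules

    - name: Accept loopback traffic
      ansible.builtin.iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT
      notify: Save rules

    - name: Reject new SSH connections from outside the admin network
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "22"
        ctstate: [NEW]
        # Quoted on purpose: an unquoted leading ! is parsed as a YAML tag.
        source: "!203.0.113.0/24"    # constructed documentation network
        # reject_with already implies -j REJECT; adding jump: REJECT
        # duplicates -j and the iptables call fails.
        reject_with: tcp-reset
      notify: Save rules

  handlers:
    - name: Save rules
      # Persists the live ruleset so it is restored at boot.
      ansible.builtin.command: netfilter-persistent save
      changed_when: true
```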