From c5f1d5c1acdd3d4922560cff34ff0506749449ee Mon Sep 17 00:00:00 2001
From: ImmortalPC
Date: Mon, 31 Mar 2014 00:03:12 +0200
Subject: [PATCH] [IPTABLES] Add some cheats for iptables
---
 cheatsheets/iptables | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/cheatsheets/iptables b/cheatsheets/iptables
index badc271..2e0a132 100644
--- a/cheatsheets/iptables
+++ b/cheatsheets/iptables
@@ -16,3 +16,25 @@ iptables -A INPUT -i eth0 -p tcp --dport 902 -j REJECT --reject-with icmp-port-u
 # icmp-host-prohibited or
 # icmp-admin-prohibited
 # tcp-reset
+
+# Add a comment to a rule:
+iptables ... -m comment --comment "This rule is here for this reason"
+
+
+# To remove or insert a rule:
+# 1) Show all rules
+iptables -L INPUT --line-numbers
+# OR iptables -nL --line-numbers
+
+# Chain INPUT (policy ACCEPT)
+# num target prot opt source destination
+# 1 ACCEPT udp -- anywhere anywhere udp dpt:domain
+# 2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
+# 3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
+# 4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
+
+# 2.a) REMOVE (-D) a rule. (here an INPUT rule)
+iptables -D INPUT 2
+
+# 2.b) OR INSERT a rule.
+iptables -I INPUT {LINE_NUMBER} -i eth1 -p tcp --dport 21 -s 123.123.123.123 -j ACCEPT -m comment --comment "This rule is here for this reason"
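Review bot: The listing used to pick a rule number for `-D`, `iptables -L INPUT --line-numbers`, hides the in/out interface column (the very thing the `-I` example below keys on with `-i eth1`) and resolves addresses and ports to names, so two rules that differ only by interface look identical in that output; I would make the primary example `iptables -nvL INPUT --line-numbers` and keep the `-nL` variant as the alternative. Worth adding a line after `iptables -D INPUT 2`: `# Rule numbers shift after each -D/-I — re-list before deleting another one`, since deleting by a stale number removes the wrong rule without any error. A comment on the `-I` example that `{LINE_NUMBER}` is optional and that omitting it inserts at position 1 (the top of the chain) would also help, because an ACCEPT placed above a more specific REJECT/DROP silently overrides it. These examples only touch the filter table; rules in other tables (`-t nat`, `-t mangle`) need `-t` on both the listing and the delete, and the page may want to say so.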