Put a rule before the last one

[shakisha]

I want to have got a configuration with last rule as "-A INPUT -j DROP" but, after this, i want to add a rule before this drop all statement.

How to accomplish that?

[greg-sk]

All PUT requests insert in front of the chain (-I) so if you do:
PUT /drop/input/any/0.0.0.0/0
as a first call it will be pushed to the end by next calls.

[shakisha]

i cannot understand properly.

consider a filter chain, and i'm putting 4-5 rules allow and then a drop all.

how can i put, after two days, another allow before the drop all statement?

[greg-sk]

There are only iptables inserts in rfw so you should start with drop all, add 4-5 allow rules (they will be inserted so will end up before the drop all rule) and then add (insert) next allow rules at any time.
See the difference between insert and append in man iptables.

[shakisha]

Ahhh, ok, so are in reverse order, right?

Another question, what will happen at machine reboot? Will the rules stays on and active or will be lost?

[greg-sk]

Q1: Yes, reverse
Q2: Rules will be lost. They are not durable

[shakisha]

about q2, what can i do for letting stay in?

a cronjob iptables-save into /etc/sysconfig/iptables (into centos 6) ?

[shakisha]

another important question, how to delete a previous allow rule ?

[greg-sk]

Q2': iptables-save in cron should work
Q3: curl -v -XDELETE http://<host>:<port>/accept/input/<interface>/<ip>