[ale] Gory-detail Q: iptables rule not obvious when listed

[John Mills]

ALErs -

 Environment: Slackware-9.1
 Objective: drop packets from NEW connections that originate at ppp*
 Approach: fragment of iptables setup script _almost_ straight from 
HOWTO...

 echo "Creating filter chain"
 # Create chain which blocks new connections, except if coming from inside
 iptables -N block
 iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A block -m state --state NEW -i ! ppp+ -j ACCEPT
 iptables -A block -j DROP

 echo "Linking blocking chain to INPUT and FORWARD"
 # Jump to that chain from INPUT and FORWARD chains.
 iptables -I INPUT 1 -j block
 iptables -I FORWARD 1 -j block

 Result displayed by 'iptables -L':

 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination         
 block      all  --  anywhere             anywhere           

 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination         
 block      all  --  anywhere             anywhere           

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination         

 Chain block (2 references)
 target     prot opt source               destination         
 ACCEPT     all  --  anywhere             anywhere           state \
   RELATED,ESTABLISHED 
 ACCEPT     all  --  anywhere             anywhere           state NEW 
 DROP       all  --  anywhere             anywhere           

Questions:
 Q1) In the second-to-last line of the listing, I expected to see a 
     reflection to my source qualifier "-s ! ppp+". Should I see something
     like that?

 Q2) I set up my script to "Insert" (-I) my filter 'block' as the first 
     line of the targets INPUT and FORWARD, but the HOWTO used "Append"
     (-A). Was I right to use '-I'?

TIA.

 - John Mills
   john.m.mills at alum.mit.edu