iptables -A append one or more rules
Andrew Mclaughlin
I was looking at the man page of iptables today and I noticed that the -A description says “Append one or more rules to the end of the selected chain”. Does that mean that if I have:
iptables -A INPUT {...rule1...}
iptables -A INPUT {...rule2...}
it could be simplified to one line?
iptables -A INPUT {...rule1; rule2...}
I’ve looked around on google and can’t find an example of anyone ever doing this, but it would simplify some of my scripts if it’s possible.
12 Answers
You can only supply one rule definition in one iptables -A invocation.
However, if you use an address such as that happens to resolve to more than one address, then multiple rules are appended, one for each address.
For example: (fake IPs used...):
$ host 
 has address 10.1.2.3
 has address 10.1.2.4
$ sudo iptables -A INPUT -s -j ACCEPT
$ sudo iptables -L INPUT -vn
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 208K  250M ACCEPT     all  --  *      *       192.168.0.0/16       0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.1.2.3             0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.1.2.4             0.0.0.0/0
So now you have inserted more than one rule using one iptables -A invocation.
I agree that this is not quite apparent from the manpage description.
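An added example, not part of the answer above, that makes the one-rule-per-address expansion explicit in a script instead of letting iptables do it silently. iptables resolves a hostname once, when the rule is submitted to the kernel, so the installed addresses never follow later DNS changes; resolving in the script and printing one full command per address keeps that snapshot reviewable and loggable. The name example-multi.test and the 10.1.2.x addresses are constructed sample data (the same fake IPs as the answer), and resolve_v4, rules_for_addrs and rules_for_host are this example's own helper names. Real lookups assume getent(1) is available.

```shell
#!/bin/sh
# Added example (not from the answer above). Expands a hostname into one
# explicit `iptables -A` command per IPv4 address, the same expansion
# iptables performs internally for a multi-address name.
# Assumes getent(1) for real lookups; "example-multi.test" and the
# 10.1.2.x addresses are constructed sample data so this runs offline.

# resolve_v4 NAME: print the IPv4 addresses NAME resolves to, one per
# line, sorted and de-duplicated. The constructed sample name is answered
# from a fixed table instead of DNS.
resolve_v4() {
    name=$1
    if [ "$name" = "example-multi.test" ]; then
        printf '%s\n' 10.1.2.3 10.1.2.4   # constructed sample data
        return 0
    fi
    getent ahostsv4 "$name" | awk '{print $1}' | sort -u
}

# rules_for_addrs CHAIN TARGET ADDR...: print one complete iptables
# command per address. Writing the addresses out (rather than the name)
# records exactly what will be installed, so the rule set can be
# reviewed, logged and reproduced later even if DNS changes.
rules_for_addrs() {
    chain=$1; target=$2; shift 2
    for addr in "$@"; do
        printf 'iptables -A %s -s %s -j %s\n' "$chain" "$addr" "$target"
    done
}

# rules_for_host CHAIN TARGET NAME: resolve NAME, then expand. Fails
# (non-zero) if the name has no IPv4 address so a bad name cannot
# silently produce zero rules.
rules_for_host() {
    chain=$1; target=$2; name=$3
    addrs=$(resolve_v4 "$name")
    [ -n "$addrs" ] || { echo "no IPv4 address for $name" >&2; return 1; }
    # word-splitting on whitespace is intended here
    rules_for_addrs "$chain" "$target" $addrs
}

# Dry run: prints the commands. Pipe the output into `sh` as root to apply.
rules_for_host INPUT ACCEPT example-multi.test
```

Run it as-is to see the two generated commands; pass a real hostname in place of example-multi.test to use getent. Keeping the generated commands in a file next to the script gives you a record of which addresses were actually installed, which is the piece of information the silent in-iptables expansion throws away.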
No. 1 rule per iptables call. The "Append" option is in contrast to the "Insert" option. Append as in... the new rule goes to the end of the list of rules, but Insert adds the rule to the top of the list.
iptables -I INPUT {Rule1}
iptables -I INPUT {Rule2}
would result in the rules being as follows:
{Rule2}
{Rule1}
where
iptables -A INPUT {Rule1}
iptables -A INPUT {Rule2}
would result in
{Rule1}
{Rule2}