Prepend Spamhaus chain at top

[andreaspollak]

Hi, i prefer to prepend the Spamhaus chain at the top (like fail2ban,...) of iptables, instead of appending it at the bottom.

Line 35-39:

# tie chain to input rules so it runs
$IPTABLES -I INPUT 1 -j $CHAIN

# don't allow this traffic through
$IPTABLES -I FORWARD 1 -j $CHAIN

[mwgentile]

Agreed. It doesn't do much good to have the rule placed below my explicit deny. Having a "place at top-of-ruleset" option would save the user a step.

[volkan-k]

you dont need to write rule number (1), it is default if you use "-I" instead of "-A"

-I, --insert chain [rulenum] rule-specification
Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified.

script is open-source, and it allows you to "place at top-of-ruleset" by simply changing two "-A" characters to "-I"
but feel free to fork it on github, amend it to your heart's content, so that it does exactly what you would have it to do.