of course regardless, that's why it's a chain / list / table, not just a random lump of rules executed randomly. if it's not then a precedence of order makes no sense at all. a decent firewall list should *always* end with a drop, i.e. if your packet got to the bottom we obviously didn't accept you earlier...
this is nothing to do with iptables per se, this is how virtually all common access list based systems, most specifically including most firewalls in the world, work.
in your world, how would you fulfil a request such as "accept ssh traffic from ip 220.127.116.11 but block everything else"? without precedence you're presumably looking at a rule for every single possible port that could exist as you can't fall back to a default right? 65534 rules? super!
Last edited by acid_kewpie; 04-30-2007 at 03:46 PM.
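The first-match behaviour described in the post, as an added illustration that is not part of the thread and not acid_kewpie's code: a tiny simulator of an iptables-style chain, walked top to bottom with the first matching rule deciding and the chain policy applying only when nothing matched. The rules, sample packets and their names are constructed here; the IP and the "ssh from one host, drop the rest" request come from the post, and the iptables commands in the comments are the standard equivalents.

```python
"""Added example: first-match rule chain with a default policy, the way an
iptables chain (or any ordered access list) is evaluated."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP as a string, e.g. "220.127.116.11"
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    target: str                   # verdict if the rule matches: "ACCEPT" or "DROP"
    src: Optional[str] = None     # None means "any source"
    proto: Optional[str] = None   # None means "any protocol"
    dport: Optional[int] = None   # None means "any port"

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or self.src == pkt.src)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(chain: List[Rule], policy: str, pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the chain in order; the first matching rule decides.
    Returns (verdict, index of the deciding rule) or (policy, None) if the
    packet fell off the bottom of the chain."""
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.target, i
    return policy, None


# Equivalent iptables ruleset for "accept ssh from 220.127.116.11, drop everything else":
#   iptables -P INPUT DROP
#   iptables -A INPUT -p tcp -s 220.127.116.11 --dport 22 -j ACCEPT
#   iptables -A INPUT -j DROP        # explicit final drop, as the post recommends
ALLOW_SSH = Rule("ACCEPT", src="220.127.116.11", proto="tcp", dport=22)
DROP_ALL = Rule("DROP")

GOOD_CHAIN = [ALLOW_SSH, DROP_ALL]   # specific accept first, catch-all drop last
BAD_CHAIN = [DROP_ALL, ALLOW_SSH]    # same two rules, wrong order: the accept is unreachable

# Constructed sample traffic.
SAMPLES = {
    "ssh_from_allowed": Packet("220.127.116.11", "tcp", 22),
    "ssh_from_other": Packet("198.51.100.7", "tcp", 22),
    "http_from_allowed": Packet("220.127.116.11", "tcp", 80),
}


def verdicts(chain: List[Rule], policy: str = "DROP") -> dict:
    """Verdict for every sample packet under the given chain and policy."""
    return {name: evaluate(chain, policy, pkt)[0] for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    print("good chain, policy DROP:  ", verdicts(GOOD_CHAIN))
    print("bad chain, policy DROP:   ", verdicts(BAD_CHAIN))
    # Only the accept rule and no terminating drop: the policy decides the rest.
    print("no final drop, policy DROP:  ", verdicts([ALLOW_SSH], "DROP"))
    print("no final drop, policy ACCEPT:", verdicts([ALLOW_SSH], "ACCEPT"))
```

Two things fall out of running it: reordering the same two rules turns the ssh exception into dead code, and leaving off the final drop makes the outcome depend entirely on the chain policy, which is why a list that ends with an explicit drop is easier to reason about than one that relies on whatever `-P` happens to be set to.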