All files ending with ".rule" in this directory are processed in shell
expansion order.

Here's an example of a user-defined chain. It merely creates a new chain; it
doesn't let anything pass through the firewall (yet):

$IPTABLES -t filter -N SSH
$IPTABLES -t filter -F SSH
$IPTABLES -t filter -A SSH -p tcp --dport 22 -j ACCEPT

Now, if we want to let some packets pass through the firewall, we have to add a
new rule for them to "jump" to this chain:

$IPTABLES -t filter -A INPUT -s 192.168.1.0/24 -j SSH

Read iptables' manual page (man iptables) for more information about
user-defined chains and filtering possibilities.

You can add local chains and rules in the "50-custom.conf" file in this
directory, or create your own files for this purpose.

Directory /lib/firewall/rules.d contains preset rule files following this
example.  Files in this directory will be used directly if needed by the
firewall script. For example, you can just add a line like this:

$IPTABLES -t filter -A INPUT -j PING

in a file located in /etc/firewall.d, and the firewall script will detect that
you want to use the "PING" rule and load the file in /lib/firewall/rules.d
before your file.

Files in /etc/firewall.d have precedence over files in /lib/firewall/rules.d,
so if you create a user-defined chain with the same name as one already
defined in /lib/firewall/rules.d, the latter won't interfere.
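
To see which chains a rule file expects to be provided elsewhere (such as the "PING" preset above), the following lint helper lists every chain the file jumps to but does not create itself. It is an added example, not part of the firewall script and not its detection logic; the function name and the list of built-in targets are assumptions.

```shell
#!/bin/sh
# Added example, not part of the firewall package.
# Lists the chains a rule file jumps to (-j/-g NAME) but does not create
# itself (-N NAME). Those chains must be defined by another file, for
# example a preset, before the rule file is loaded.

# Assumption: common built-in targets and target extensions; extend as needed.
BUILTIN_TARGETS="ACCEPT DROP REJECT RETURN LOG QUEUE NFQUEUE MASQUERADE SNAT DNAT REDIRECT MARK TCPMSS NOTRACK CT"

external_chains() {
    # $1: path to a rule file
    awk -v builtins="$BUILTIN_TARGETS" '
        BEGIN {
            n = split(builtins, b, " ")
            for (i = 1; i <= n; i++) skip[b[i]] = 1
        }
        /^[ \t]*#/ { next }    # ignore comment lines
        {
            for (i = 1; i < NF; i++) {
                if ($i == "-N" || $i == "--new-chain")
                    defined[$(i + 1)] = 1
                if ($i == "-j" || $i == "--jump" || $i == "-g" || $i == "--goto")
                    used[$(i + 1)] = 1
            }
        }
        END {
            for (c in used)
                if (!(c in skip) && !(c in defined)) print c
        }
    ' "$1" | sort
}

# Constructed sample: creates SSH locally, relies on PING from elsewhere.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$IPTABLES -t filter -N SSH
$IPTABLES -t filter -F SSH
$IPTABLES -t filter -A SSH -p tcp --dport 22 -j ACCEPT
$IPTABLES -t filter -A INPUT -s 192.168.1.0/24 -j SSH
$IPTABLES -t filter -A INPUT -j PING
EOF
external_chains "$sample"    # prints: PING
rm -f "$sample"
```

A chain name in the output that has no definition in either directory means the jump rule will fail to load, so the traffic it was meant to handle falls through to the later rules and the chain policy.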
