Feature request: Alternative to specifying an exact line_number
jgitlin-p21 opened this issue
It is difficult to have to specify an integer line_number for every iptables rule, especially when multiple recipes are setting rules. It would be nice to be able to simply "append" to the current list without having to make up arbitrarily high line numbers.
I propose something like:
iptables_rule 'Established Connection Forwarding' do
  table :filter
  line_number :next # <-------------------- Symbol indicating "Place at the next available line number"
  chain :FORWARD
  extra_options '-m conntrack --ctstate RELATED,ESTABLISHED'
  jump 'ACCEPT'
end
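One way the proposed :next value could be resolved when several recipes declare rules for the same chain, as an added example that is not part of the original issue or the cookbook's code. The rule hashes, resolve_line_numbers, and the "one past the highest line number assigned so far in that table and chain" semantics are assumptions; only the :next symbol comes from the proposal. Because iptables evaluates a chain top to bottom, the resolved position decides which rule matches first.

```ruby
# Added illustration, not the iptables cookbook's code. The rule hashes and
# resolve_line_numbers are hypothetical; only :next comes from the proposal.

# Resolve :next per (table, chain) in declaration order: explicit integers are
# kept, and :next becomes one past the highest line number assigned so far.
def resolve_line_numbers(rules)
  highest = Hash.new(0) # [table, chain] => highest line number assigned
  taken = {}            # [table, chain, line] => name of the rule using it

  rules.map do |rule|
    key = [rule[:table], rule[:chain]]
    line = rule[:line_number]
    line = highest[key] + 1 if line == :next

    unless line.is_a?(Integer) && line.positive?
      raise ArgumentError, "#{rule[:name]}: bad line_number #{line.inspect}"
    end
    # Two rules on the same line of one chain make the final order ambiguous.
    if (owner = taken[key + [line]])
      raise ArgumentError, "#{rule[:name]}: line #{line} already used by #{owner}"
    end

    taken[key + [line]] = rule[:name]
    highest[key] = [highest[key], line].max
    rule.merge(line_number: line)
  end
end

# Constructed sample: rules as two recipes might declare them.
SAMPLE_RULES = [
  { name: 'Established Connection Forwarding', table: :filter, chain: :FORWARD, line_number: :next },
  { name: 'Drop invalid', table: :filter, chain: :FORWARD, line_number: 10 },
  { name: 'Allow SSH', table: :filter, chain: :INPUT, line_number: :next },
  { name: 'Log forwarded', table: :filter, chain: :FORWARD, line_number: :next },
].freeze

def resolved_sample
  resolve_line_numbers(SAMPLE_RULES).map { |r| [r[:name], r[:chain], r[:line_number]] }
end

resolved_sample.each { |name, chain, line| puts format('%-8s %3d  %s', chain, line, name) }
```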
Created a WIP PR for this to solicit feedback.
Do we want this? I know that I personally want this, but if nobody else is interested then I'll continue to manage my own fork.
If the community does want this, let me know and I'll add proper tests, documentation, and incorporate any community feedback.
Placing this on hold; after discussion with @bmhughes I forget why I was unable to simply omit the line_number argument altogether. Looking at the code, this should work as I need... so either I've forgotten my motivation for making this change, or it's an unnecessary request!