Sunday, June 20, 2010

iptables-restore

I am working on setting up a firewall on a server/router (see
http://wiki.debian.org/green/Router ). I have considered several different
firewall packages, but am more comfortable just running iptables in a shell
script.

However, iptables scripts usually begin with a flush, and then it takes time to
add all those rules, plus some possible interruption to traffic meanwhile.
What about if only a small change has been made? Does iptables-restore flush
first, or is it able to just change the rule set as necessary to match? (And
is there a term used to describe that feature?)

If iptables-restore does not support that, does anyone know of another tool
(available in the repositories) that I can use that would allow me to write a
parseable iptables rule set?

Thanks.
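The incremental update the post is asking about can be built on top of the one parseable rule-set format that already exists here: the text that iptables-save writes and iptables-restore reads. The script below is an added example, not code from the blog or from the iptables project. It parses two rule sets in that format (the live one from `iptables-save` and the desired one), compares each chain as an ordered list, and emits only the `-D`/`-I`/`-N`/`-P` command lines needed to turn one into the other, for feeding to `iptables-restore --noflush` (the `-n`/`--noflush` flag is a real option; everything else, including the sample rule sets, is constructed for the example). It assumes rule text is already normalised the way iptables-save prints it, and it does not remove user-defined chains that are no longer wanted.

```python
"""Compute the incremental change between two rule sets in iptables-save format.

Added example (not from the original post). Input is the iptables-save text
format (*table / :CHAIN POLICY [pkts:bytes] / -A CHAIN spec / COMMIT); output is
a fragment of plain iptables command lines for `iptables-restore --noflush`, so
only the differing rules are touched instead of flushing every chain.
"""
from collections import OrderedDict
import difflib

# Constructed sample: the rule set currently loaded on the router.
CURRENT_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 23 -j ACCEPT
COMMIT
"""

# Constructed sample: the desired rule set (telnet dropped, https added,
# and a new logging chain appended).
DESIRED_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -j LOG --log-prefix "dropped: "
-A LOGDROP -j DROP
COMMIT
"""


def parse_ruleset(text):
    """Return {table: {"policies": {chain: policy}, "rules": {chain: [spec...]}}}."""
    tables = OrderedDict()
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
            tables[table] = {"policies": OrderedDict(), "rules": OrderedDict()}
        elif line == "COMMIT":
            table = None
        elif table is None:
            raise ValueError("line outside of a table: %r" % line)
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]  # counters are ignored
            tables[table]["policies"][chain] = policy
            tables[table]["rules"].setdefault(chain, [])
        elif line.startswith("-A "):
            chain = line.split()[1]
            spec = line[len("-A " + chain):].strip()
            tables[table]["rules"].setdefault(chain, []).append(spec)
        else:
            raise ValueError("unsupported line: %r" % line)
    return tables


def diff_rulesets(current_text, desired_text):
    """Return iptables-restore --noflush input turning `current` into `desired`.

    Per chain, rules are deleted by specification first (-D matches the
    existing rule text), then the missing ones are inserted at their final
    position; a sequence diff keeps a single inserted rule from forcing every
    later rule to be re-added. Returns "" when nothing differs.
    """
    current = parse_ruleset(current_text)
    desired = parse_ruleset(desired_text)
    out = []
    for table, want in desired.items():
        have = current.get(table, {"policies": {}, "rules": {}})
        lines = []
        for chain, policy in want["policies"].items():
            if policy == "-":  # user-defined chain: create if absent
                if chain not in have["rules"]:
                    lines.append("-N " + chain)
            elif have["policies"].get(chain) != policy:
                lines.append("-P %s %s" % (chain, policy))
        for chain, want_rules in want["rules"].items():
            have_rules = have["rules"].get(chain, [])
            ops = difflib.SequenceMatcher(a=have_rules, b=want_rules,
                                          autojunk=False).get_opcodes()
            for tag, i1, i2, _, _ in ops:
                if tag in ("replace", "delete"):
                    lines.extend("-D %s %s" % (chain, r) for r in have_rules[i1:i2])
            # After the deletions the chain holds exactly the kept rules, so each
            # missing rule goes in at its 1-based index in the desired list.
            for tag, _, _, j1, j2 in ops:
                if tag in ("replace", "insert"):
                    for pos in range(j1, j2):
                        lines.append("-I %s %d %s" % (chain, pos + 1, want_rules[pos]))
        if lines:
            out.append("*" + table)
            out.extend(lines)
            out.append("COMMIT")
    return "\n".join(out) + ("\n" if out else "")


if __name__ == "__main__":
    # In practice: iptables-save | python thisfile.py > delta; iptables-restore -n delta
    print(diff_rulesets(CURRENT_RULES, DESIRED_RULES), end="")
```

Because the fragment only contains explicit commands, it never rewrites a chain wholesale, so established traffic keeps matching the unchanged rules while the delta is applied. It is worth parsing the delta with `iptables-restore --test` before committing it, and keeping the full iptables-save file as the source of truth so a fresh boot can still load everything in one go.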
