[RFC] iptables namespaces
Jan Engelhardt
jengelh at computergmbh.de
Sat Sep 8 09:26:09 CEST 2007
On Sep 7 2007 19:06, Steven Van Acker wrote:
>> > The result is that for 1 minute, some traffic can get through the firewall rules
>> > while other can not. We have had problems with spam getting through to
>> > mailservers behind the firewall, because not all firewall rules were loaded.
>>
>> That problem can be solved.
>> man iptables-restore
>
>iptables-restore takes a file as input, not a series of iptables
>commands.
Yes, it takes a file. And if you looked at it, yes, it takes iptables
commands! (besides the table and counter markers)
>This means I would have to edit the file manually, not
>something I want to do with 7000 firewall rules.
Where is the difference between...

    iptables -A INPUT -m foobar -j FOOBAR

and adding

    -A INPUT -m foobar -j FOOBAR

to the

    *filter

section? (Otherwise, write a script, as suggested, or use a GUI ;-)
Jan
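
Added example, not part of the original mail: a small converter that does the edit described above mechanically, turning a script of plain iptables rule commands into iptables-restore input grouped by table. The function name rules_to_restore and the sample rules are hypothetical; it assumes one command per line, no shell variables or line continuations, and only -A/-I rule commands (anything else is reported on stderr and skipped).

```shell
#!/bin/sh
# Added example: convert "iptables ..." rule commands read from stdin into
# iptables-restore format ("*table", rule lines, "COMMIT").
# Assumptions: one command per line, no shell variables, only -A/-I commands.
# Runs of whitespace inside quoted arguments are collapsed to one space.

rules_to_restore() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        # Accept "iptables" or a path ending in /iptables as the command.
        if ($1 !~ /(^|\/)iptables$/) { skip(); next }
        table = "filter"                     # default table when -t is absent
        line = ""
        for (i = 2; i <= NF; i++) {
            # The table is given by the "*table" marker, so drop -t here.
            if ($i == "-t" || $i == "--table") { table = $(++i); continue }
            line = line (line == "" ? "" : " ") $i
        }
        if (line !~ /^(-A|-I|--append|--insert) /) { skip(); next }
        # Remember the order in which tables first appear.
        if (!(table in seen)) { seen[table] = 1; order[++n] = table }
        body[table] = body[table] line "\n"
    }
    function skip() { print "skipped line " NR ": " $0 | "cat 1>&2" }
    END {
        for (k = 1; k <= n; k++)
            printf "*%s\n%sCOMMIT\n", order[k], body[order[k]]
    }'
}

# Constructed sample input; the first rule is the one quoted in the mail.
rules_to_restore <<'EOF'
# constructed sample rules
iptables -A INPUT -m foobar -j FOOBAR
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A INPUT -p tcp --dport 25 -j DROP
EOF
```

Feeding the output to iptables-restore loads each table in a single commit, so there is no period during which only part of the ruleset is active. Without --noflush, iptables-restore flushes the existing rules of each listed table first.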