Fri, 18 Jan 2002 11:45:25 -0800
1) write a cron script which reloads a known good
netfilter save file every 15 minutes or so.
2) modify an alternate save file with your new rules.
3) load iptables from your alternate save file.
4) if everything works OK, copy your new
save file over the existing one. if it does not work out well,
wait an average of 7.5 minutes for the old good set of rules to
allow you access to the system again.
Wojciech Sobola wrote:
> I have questions regarding the init script for iptables. Is it possible to
> avoid confusion with bad modifications in the "save" file?
> The problem is when you modify this file manually and make a mistake in it.
> After a restart with a bad config, the other rules, which are good,
> get dropped. Is there any way to change this behavior? E.g. skip the line
> with errors and apply the rest of the rules (marking this bad rule somehow)?
> If you do this remotely and your INPUT chain has a DROP default policy,
> then you lose the connection.
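The four-step safety net in the reply above, written out as a small sh script. This is an added example, not code from either poster. Assumptions not stated in the thread: the rule files are in iptables-save format, the paths and the 15-minute interval are placeholders, and the administrator reaches the box over TCP port 22 (ADMIN_PORT). The lint step is extra: before the candidate file goes anywhere near iptables-restore it is checked for the two hand-editing mistakes that cause exactly the lockout described in the question, a *table block with no COMMIT and a ruleset that no longer accepts the admin port.

```shell
#!/bin/sh
# fw-safety: added example of the "cron reverts to a known-good ruleset"
# procedure from the reply above.  Not code from the original posts.
# Assumed (not stated in the thread): save files are in iptables-save
# format, the paths below are placeholders, and the admin logs in over
# TCP port 22.  RESTORE is a variable so the script can be exercised
# without root by pointing it at a stand-in command.
set -u

GOOD_RULES=${GOOD_RULES:-/etc/iptables/rules.good}   # step 1: known-good save file
NEW_RULES=${NEW_RULES:-/etc/iptables/rules.new}      # step 2: edited copy
RESTORE=${RESTORE:-iptables-restore}                 # loads a save file from stdin
ADMIN_PORT=${ADMIN_PORT:-22}                         # port you administer over

# Offline lint of a save file, run before touching the live tables.
# Returns 0 if every *table block ends in COMMIT and some rule still
# ACCEPTs tcp traffic to ADMIN_PORT; otherwise 1 with the reason on stderr.
lint_rules() {
    f=$1
    [ -r "$f" ] || { echo "lint: cannot read $f" >&2; return 1; }
    awk '
        /^\*/     { if (open) bad = 1; open = 1 }   # new table before COMMIT
        /^COMMIT/ { open = 0 }
        END       { if (open) bad = 1; exit bad }   # file ended mid-table
    ' "$f" || { echo "lint: a *table block in $f lacks COMMIT" >&2; return 1; }
    grep -Eq -- "--dport ${ADMIN_PORT}( |$).*-j ACCEPT" "$f" ||
        { echo "lint: no ACCEPT for tcp port ${ADMIN_PORT} in $f" >&2; return 1; }
    return 0
}

# Step 1: what cron runs.  It always reloads the known-good file, so any
# experiment is undone within one cron interval.  Suggested entry
# (placeholder path):
#   */15 * * * * root /usr/local/sbin/fw-safety reload-good
reload_good() {
    "$RESTORE" < "$GOOD_RULES"
}

# Steps 2 and 3: lint, then load the candidate.  iptables-restore
# replaces a table only when it reaches that table's COMMIT line, so a
# parse error leaves the running tables as they were; the lint just
# fails earlier and says why.  The cron job reverts this load by itself.
try_new() {
    lint_rules "$NEW_RULES" || return 1
    "$RESTORE" < "$NEW_RULES"
}

# Step 4: run only after you have confirmed you can still log in.
# Keeps one backup so the promotion itself can be undone.
commit_new() {
    lint_rules "$NEW_RULES" || return 1
    cp "$GOOD_RULES" "$GOOD_RULES.prev" && cp "$NEW_RULES" "$GOOD_RULES"
}

# Dispatcher; does nothing when the file is sourced without arguments.
case "${1:-}" in
    reload-good) reload_good ;;
    try-new)     try_new ;;
    commit-new)  commit_new ;;
    lint)        lint_rules "${2:-$NEW_RULES}" ;;
    "")          ;;
    *) echo "usage: $0 reload-good|try-new|commit-new|lint [file]" >&2; exit 2 ;;
esac
```

Two practical caveats. The cron job also undoes a good candidate every 15 minutes, so run try-new right after a cron tick and confirm access within the window; if that is too tight, schedule the revert with `at now + 10 minutes` instead and cancel it with `atrm` once commit-new has run. The lint is deliberately cheap and catches only the two common mistakes; where the installed iptables supports `iptables-restore --test`, that parses the whole file without committing and is the better pre-flight check.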