[Bug 699] please add new options to iptables-restore to continue on error and suppress error output
bugzilla-daemon at netfilter.org
Sun May 19 02:39:30 CEST 2013
https://bugzilla.netfilter.org/show_bug.cgi?id=699
--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-05-19 02:39:28 CEST ---
(In reply to comment #3)
> I was attempting to develop an ipblocker application that would manage large
> lists of ip ranges (all of the lists from bluetack.co.uk). It would enable
> users to enable/disable individual ranges of ip addresses or entire lists.
By reading this, it looks to me that ipset [1] is the right framework to
implement such an application.
[1] http://ipset.netfilter.org/
> Let's say that a user has a default list of iptables rules applied each time
> they log in. For example, the default configuration when using the firestarter
> application. The ipblocker application can't flush the rules and start over
> each time it needs to add or remove rules from iptables because there may be
> other pre-existing rules.
iptables-restore does not always flush the existing rule-set; you can use:
    -n, --noflush
        don't flush the previous contents of the table. If not
        specified, iptables-restore flushes (deletes) all previous
        contents of the respective table.
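An added example, not part of the original message or of the netfilter project's code: a shell sketch of the approach suggested in the reply, keeping the address list in an ipset set and loading the single rule that consults it with `iptables-restore --noflush`, so pre-existing rules are left in place. The set name `blocklist`, the scratch set `blocklist_new`, the one-CIDR-per-line input format and the placement of the rule in `INPUT` are assumptions.

```shell
#!/bin/sh
# Added example; names and input format are assumptions, not from the bug report.
SET=blocklist

# Emit an `ipset restore` script on stdout. The new contents are built in a
# scratch set and swapped in, so the live set is never half-populated.
# Input (stdin): one address or CIDR per line; blanks and #-comments skipped.
gen_ipset_restore() {
    echo "create $SET hash:net"
    echo "create ${SET}_new hash:net"
    echo "flush ${SET}_new"
    while IFS= read -r line; do
        line=${line%%#*}                                # drop trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')     # drop whitespace
        [ -n "$line" ] || continue
        echo "add ${SET}_new $line"
    done
    echo "swap ${SET}_new $SET"
    echo "destroy ${SET}_new"
}

# Emit iptables-restore input that holds only the rule consulting the set.
gen_rules() {
    cat <<EOF
*filter
-A INPUT -m set --match-set $SET src -j DROP
COMMIT
EOF
}

# Apply both (needs root). Reads the address list on stdin.
apply() {
    # -exist: do not fail when the sets already exist from an earlier run.
    gen_ipset_restore | ipset -exist restore || return 1
    # --noflush appends, so load the rule only if it is not there yet
    # (iptables -C exits non-zero when the rule is absent).
    iptables -C INPUT -m set --match-set "$SET" src -j DROP 2>/dev/null ||
        gen_rules | iptables-restore --noflush
}
```

Enabling or disabling a range later is a matter of regenerating the list and re-running `apply < ranges.txt`; only the set changes, the iptables rule-set is not touched again.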