On 2/26/19 4:01 PM, brent s. wrote:
...
>
> You can (Gene, you may find this particularly useful since you feed to
> ipset) use the pyroute2.IPSet() function to actually manage the live
>

Great thank you - I wasn't aware of this capability. I really like python!

ipset made a huge difference - major benefit I agree.

The other thing I do in my firewall script is I write the rules in
iptables-save format. Many guides continue to use the iptables
executable in their examples rather than directly writing into a file in
iptables-save format. I haven't read any guides for a long time, so
perhaps there are better ones now which speak to this.

Rather than invoking iptables repeatedly on each rule, I write an
iptables-save formatted file and then use iptables-restore to install
the entire firewall in one shot.

thank you brent ...

gene
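
The approach described in the message above, as an added example (not Gene's script and not code from the thread): a Python generator that builds the whole filter table in iptables-save format and hands it to iptables-restore in a single call. The set name `blocklist`, the ports, the name pattern and the function names are assumptions, and the ipset must already exist when the ruleset is loaded.

```python
import re
import subprocess

# Assumed conservative pattern; ipset names are limited to 31 characters.
SET_NAME = re.compile(r"[A-Za-z0-9_.-]{1,31}")


def build_ruleset(blocklist_set="blocklist", tcp_ports=(22, 443)):
    """Return a complete filter table in iptables-save format."""
    # fullmatch rejects embedded newlines, which would otherwise let a
    # crafted set name smuggle extra rule lines into the file.
    if not SET_NAME.fullmatch(blocklist_set):
        raise ValueError(f"bad ipset name: {blocklist_set!r}")
    ports = sorted({int(p) for p in tcp_ports})
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError("port out of range")
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        # Blocklist first, so listed sources are dropped even on existing flows.
        f"-A INPUT -m set --match-set {blocklist_set} src -j DROP",
        "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    ]
    lines += [
        f"-A INPUT -p tcp -m tcp --dport {p} -m conntrack --ctstate NEW -j ACCEPT"
        for p in ports
    ]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def load(ruleset, test_only=True):
    """Feed the ruleset to iptables-restore on stdin (needs root).

    With test_only=True the ruleset is parsed but not committed.
    """
    cmd = ["iptables-restore"] + (["--test"] if test_only else [])
    return subprocess.run(cmd, input=ruleset, text=True, check=True)


if __name__ == "__main__":
    print(build_ruleset(), end="")
```

Running `load(build_ruleset())` first and `load(build_ruleset(), test_only=False)` only after it succeeds keeps a syntax error from replacing a working firewall.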