AFAIK, "service iptables restart" does not cut off current connections. The stateful connections are kept by the conntrack module, which I believe will not be cleared on a restart of iptables, and "service iptables restart" also uses iptables-restore, which does the changes atomically instead of one by one. However, don't blindly follow what I'm saying here; this is all from memory and I might be wrong. If you really need to know it, verify it on a test environment before you do it on the production one.
Yes, of course - thanks for all assistance.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
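
One way to run the test-environment check suggested in the first message, as an added example that is not part of the original thread: snapshot the conntrack table before and after the restart and list the ESTABLISHED TCP flows that disappeared. The function names and the sample snapshot lines are constructed for illustration; real snapshots are assumed to come from `conntrack -L -p tcp` (conntrack-tools) run as root.

```shell
#!/bin/sh
# Added example: which ESTABLISHED TCP flows vanished between two snapshots?
# On the test host (as root, conntrack-tools installed) the inputs would be:
#   conntrack -L -p tcp > before.txt
#   service iptables restart
#   conntrack -L -p tcp > after.txt

# Print one "src:sport->dst:dport" key per ESTABLISHED entry in snapshot $1.
flow_keys() {
    awk '/ESTABLISHED/ {
        s = d = sp = dp = ""
        for (i = 1; i <= NF; i++) {
            # Keep only the first (original-direction) tuple on the line.
            if (s == "" && $i ~ /^src=/) s = substr($i, 5)
            else if (d == "" && $i ~ /^dst=/) d = substr($i, 5)
            else if (sp == "" && $i ~ /^sport=/) sp = substr($i, 7)
            else if (dp == "" && $i ~ /^dport=/) dp = substr($i, 7)
        }
        if (s != "" && d != "") print s ":" sp "->" d ":" dp
    }' "$1" | sort -u
}

# Print flows tracked in snapshot $1 that are missing from snapshot $2.
lost_flows() {
    b=$(mktemp); a=$(mktemp)
    flow_keys "$1" > "$b"; flow_keys "$2" > "$a"
    comm -23 "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample snapshots (documentation addresses, not real traffic).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/before" <<'EOF'
tcp 6 431990 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=51234 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] use=1
tcp 6 431800 ESTABLISHED src=192.0.2.11 dst=192.0.2.1 sport=40022 dport=443 src=192.0.2.1 dst=192.0.2.11 sport=443 dport=40022 [ASSURED] use=1
tcp 6 87 TIME_WAIT src=192.0.2.12 dst=192.0.2.1 sport=40500 dport=80 src=192.0.2.1 dst=192.0.2.12 sport=80 dport=40500 [ASSURED] use=1
EOF
    cat > "$dir/after" <<'EOF'
tcp 6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=51234 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] use=1
EOF
    lost_flows "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo   # prints 192.0.2.11:40022->192.0.2.1:443
```

An empty result means every established flow in the first snapshot was still tracked after the restart.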