This patch set adds a switch to iptables-save to select a specific chain to be saved.

Sometimes it's useful to save only one chain, e.g. when some rules are added dynamically by daemons like OpenVPN or strongSwan and the base rule set is generated by a bash script.

Consider this trivial script:

---8<---
#!/bin/sh

# save only the DYN_OVPN chain
iptables-save -t filter -C DYN_OVPN > /tmp/dyn-rules

iptables -F
iptables -X

iptables -A INPUT -s 1.2.3.4 -j ACCEPT
# many more rules...
iptables -A INPUT ... -j ACCEPT

# OpenVPN can insert rules here, which do not get lost in case
# the base rule set gets modified and reloaded.
iptables -N DYN_OVPN
iptables -A INPUT -i tun+ -j DYN_OVPN

# restore DYN_OVPN chain
iptables-restore -n < /tmp/dyn-rules
rm -f /tmp/dyn-rules
--->8---

[PATCH 1/2] iptables-save: Allow chain selection
[PATCH 2/2] ip6tables-save: Allow chain selection
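The save step of the script above can be approximated without the proposed switch by filtering ordinary iptables-save output down to one chain of one table. The following is an added example, not part of the patch set or of iptables; the function names save_chain and sample_ruleset and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# save_chain TABLE CHAIN
# Reads full iptables-save output on stdin and prints only CHAIN of TABLE,
# framed as "*TABLE ... COMMIT" so it can be fed to iptables-restore -n.
# Exits 1 and prints nothing if the chain is not declared in that table.
save_chain() {
    awk -v table="$1" -v chain="$2" '
        /^\*/           { in_table = ($0 == ("*" table)); next }  # table header
        !in_table       { next }                                  # other tables
        $0 == "COMMIT"  { in_table = 0; next }
        $1 == (":" chain) { decl = $0; next }   # e.g. ":DYN_OVPN - [0:0]"
        {
            # rule lines may carry a "[pkts:bytes]" prefix (iptables-save -c)
            i = ($1 ~ /^\[[0-9]+:[0-9]+\]$/) ? 2 : 1
            # exact field match, so DYN_OVPN does not also select DYN_OVPN2
            if ($i == "-A" && $(i + 1) == chain) rules = rules $0 "\n"
        }
        END {
            if (decl == "") exit 1
            printf "*%s\n%s\n%sCOMMIT\n", table, decl, rules
        }
    '
}

# Constructed sample in iptables-save format (not captured from a real host).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DYN_OVPN - [0:0]
-A DYN_OVPN -s 10.8.0.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:DYN_OVPN - [0:0]
:DYN_OVPN2 - [0:0]
-A INPUT -s 1.2.3.4/32 -j ACCEPT
-A INPUT -i tun+ -j DYN_OVPN
-A DYN_OVPN -s 10.8.0.2/32 -j ACCEPT
-A DYN_OVPN2 -s 10.9.0.2/32 -j ACCEPT
COMMIT
EOF
}

# Real use would be: iptables-save | save_chain filter DYN_OVPN > "$tmpfile"
sample_ruleset | save_chain filter DYN_OVPN
```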