To prevent problems during a firewall reload/restart, I usually do:
1) do 'echo 0 > /proc/sys/net/ipv4/ip_forward' on the very beggining of
the script
2) define the default actions to drop on the very first rules ( -P
DROP )
3) insert ALL the rules (can take some seconds)
4) do 'echo 1 > /proc/sys/net/ipv4/ip_forward'
5) firewall is READY
What do you think on this ?
Sincerily,
Leonardo Rodrigues
