Hello everybody,

Kenneth: Thank you very much for the reply. I'll look into this option.

Does anybody have any other suggestion? How does everyone load their rule-set?

My original mail:

"So far I have been writing all the iptables commands in a file & ran it in a terminal (bash filename). Then I do the "service iptables save" to save & load the configuration during boot-up.

Pretty soon the configuration file is going to have around 800 commands & this file is modified quite often. So for the changes to reflect in run-time I do a "bash <script-file>". Somewhere I read that loading that many commands using "bash <script-file>" is not recommended (Is this true?). So I started searching in Google for other alternatives. I came across the following:

- Use rc.firewall (I don't know if it's in /etc or /etc/init.d or what)
- Use /etc/firewall.conf
- Use /etc/init.d/firewall

Could someone tell me which file to use? In Fedora core 2 I found only /etc/rc.d/init.d/iptables.

Which way would be easy to load a huge script that would be modified quite often?

OS specs:
Fedora Core 2
Kernel 2.6.8.1
Iptables 1.2.11"

Any help will be greatly appreciated.

Thank you,
Deepak Seshadri

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Kenneth Porter
> Sent: Monday, October 25, 2004 5:29 PM
> To: 'Netfilter Group'
> Subject: Re: iptables script file
>
> > Which way would be easy to load a huge script that would be modified
> > quite often?
>
> iptables-restore
>
> The save format is a little weird at first but it's not too hard to see
> how it matches your iptables commands. I now modify /etc/sysconfig/iptables
> directly. (This is the save file used on Red Hat systems to reload the
> firewall at boot time.)
>
> If I understand things correctly, iptables-restore makes a single kernel
> call with only one lock, so it's very efficient at loading the tables into
> the kernel.
>
> Change your script to write your rules into the save format and then
> invoke iptables-restore to load it. This is actually pretty simple, as most of
> your iptables commands will be replaced with "echo ${RULEBODY} >
> ${SAVEFILE}" (where RULEBODY is the parameters to your old iptables
> command).
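
The approach suggested in the quoted reply, as an added example that is not part of the original thread: a script that writes rules in the save format, checks the file, and hands it to iptables-restore. The sample rules are constructed, SAVEFILE and the function names are hypothetical, and the parse-only pass assumes an iptables-restore that supports --test.

```bash
#!/bin/bash
# Added example: generate an iptables-save format file and load it with
# iptables-restore. SAVEFILE and all function names are hypothetical.
SAVEFILE="${SAVEFILE:-/tmp/iptables.rules.example}"

# Constructed sample rules. Each line is what used to follow the word
# "iptables" in the old script (the default filter table is assumed).
filter_rules() {
    cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

# Save format for one table: "*table", one ":CHAIN POLICY [pkts:bytes]"
# line per chain, the rules, then "COMMIT".
build_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    filter_rules
    echo "COMMIT"
}

# Structural check that needs no root: catches the usual conversion slip
# of leaving "iptables" (or other shell) at the start of a rule line.
check_ruleset() {
    [ "$(head -n 1 "$1")" = "*filter" ] || return 1
    [ "$(tail -n 1 "$1")" = "COMMIT" ] || return 1
    ! sed '1d;$d' "$1" | grep -qvE \
        '^(#.*|:[^ ]+ (ACCEPT|DROP|-) \[[0-9]+:[0-9]+\]|-A [^ ]+ .+)$'
}

# Parse-only pass first, so a bad file never replaces the running rules.
load_ruleset() {
    iptables-restore --test < "$1" || {
        echo "ruleset rejected; running rules left unchanged" >&2
        return 1
    }
    iptables-restore < "$1"
}

# Only touch the firewall when asked to: "bash thisfile load" as root.
if [ "${1:-}" = "load" ]; then
    build_ruleset > "$SAVEFILE" && check_ruleset "$SAVEFILE" &&
        load_ruleset "$SAVEFILE"
fi
```

By default iptables-restore flushes the tables named in the file before loading them, so the generated file has to describe the complete ruleset rather than only the changes.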