> > I make changes in the /etc/sysconfig/iptables file and then do a "service
> > iptables restart". Would this interrupt the established connections through
> > the firewall?
>
> Provided that 'service iptables restart' does not unload the conntrack module,
> then the established-connections table will not be reloaded - you will likely
> have a second or two of no connectivity while the ruleset is reloaded,
> though.

Right. I've done this many times, and never seen any dropped connections. I've even restarted the firewall from a remote ssh session, and never had any trouble-- just a short pause in the console output. Of course, that's terrible practice-- if your firewall script doesn't finish executing, for whatever reason, then you're hosed until you can get back to the console.

--
To reply by email, replace "deadspam.com" by "alumni.utexas.net"
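The lockout risk raised in the reply above (a reload over ssh that fails partway) can be limited by arming a rollback timer before the new rules are loaded. This is an added example, not part of the original thread: `safe_apply`, `confirm_rules` and the `IPT_SAVE`/`IPT_RESTORE` overrides are hypothetical names, and it assumes the rules file is in iptables-save format, as /etc/sysconfig/iptables is.

```shell
#!/bin/sh
# Added example: reload iptables rules with a rollback timer armed first.
# Assumptions: iptables-save / iptables-restore are on PATH, caller is root.
# IPT_SAVE / IPT_RESTORE may be overridden to exercise the logic without
# touching a real firewall.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# safe_apply RULES_FILE [SECONDS]
# 0 = new rules loaded, rollback timer running; 1 = rules failed the dry run
# (nothing changed); 2 = load failed, previous rules restored; 3 = no backup.
safe_apply() {
    sa_rules=$1
    sa_wait=${2:-60}
    ROLLBACK_BACKUP=$(mktemp) || return 3
    "$IPT_SAVE" > "$ROLLBACK_BACKUP" || { rm -f "$ROLLBACK_BACKUP"; return 3; }

    # --test parses and builds the ruleset but does not commit it.
    if ! "$IPT_RESTORE" --test < "$sa_rules"; then
        rm -f "$ROLLBACK_BACKUP"
        return 1
    fi

    # Arm the rollback BEFORE loading. It ignores SIGHUP so it still fires
    # if the new rules cut off the ssh session that started it.
    (
        trap '' HUP
        sleep "$sa_wait"
        "$IPT_RESTORE" < "$ROLLBACK_BACKUP"
        rm -f "$ROLLBACK_BACKUP"
    ) > /dev/null 2>&1 &
    ROLLBACK_PID=$!

    if ! "$IPT_RESTORE" < "$sa_rules"; then
        kill "$ROLLBACK_PID" 2> /dev/null
        "$IPT_RESTORE" < "$ROLLBACK_BACKUP"
        rm -f "$ROLLBACK_BACKUP"
        return 2
    fi
    return 0
}

# confirm_rules: call in the same shell after checking that a fresh ssh
# login still works. Non-zero means the timer already fired (rules reverted).
confirm_rules() {
    kill "$ROLLBACK_PID" 2> /dev/null || return 1
    rm -f "$ROLLBACK_BACKUP"
}
```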