stop/start iptables vs. "iptables-restore"
- Subject: stop/start iptables vs. "iptables-restore"
- From: Alex Tang <altitude@xxxxxxxxxxxx>
- Date: Thu, 23 Aug 2007 17:32:58 -0700
- User-agent: Thunderbird 2.0.0.6 (Windows/20070728)
Hi folks,

We run a Linux-based product (RHEL4 based, kernel-2.6.9-55, and
iptables-1.2.11). During the running of the product, when we make
changes to the iptables configuration, we use the SysV-like RHEL script
"/etc/init.d/iptables restart", which effectively stops iptables,
unloads all of the iptables-based kernel modules, then starts iptables
and all the kernel stuff.

A colleague recently asked why we're not using "iptables-restore"
instead of the script which does "stop/start". I'm looking to see if
you know of any reasons why we should or should not use iptables-restore
vs. "stop/start". Does it matter if the number of connections on the
system is high? Our product can sometimes handle many millions of
connections per day.

Thanks.

...alex...