I had stumbled across the following comment:
"But to do this really clean, we need to have a script that removes
the rules as well for when the interface goes down. Just to make sure
the rules are never added twice."
on this site:
http://my.opera.com/Jada0007/blog/show.dml/1213354
and therefore wondered if there were ever a case in which
the rules could be applied twice... by creating a
/etc/iptables.down.rules file, I hoped to avoid such a possibility.
man iptables-restore states:
...
-n, --noflush
    don't flush the previous contents of the table. If not specified,
    iptables-restore flushes (deletes) all previous contents of the
    respective IP Table.
...
So, make sure you don't use the "-n" option when calling iptables-restore.
Thanks, Покотиленко! I'm glad to hear that's all it takes.
Gratefully,
Miles