Interesting. I did not understand how that one worked. I thought it
was for something else.
So if a person had installed iptables-persistent, then
/etc/iptables/rules.v4 and /etc/iptables/rules.v6 were created. If I
understand your usage, one would then run:
iptables-restore </etc/iptables/rules.v4.
Is that correct?

On 6/25/21 6:19 PM, Stephen Satchell wrote:
Look into iptables-restore(8)
Assuming that you have previously used
"iptables-save >/root/iptables.ipv4" and
"ip6tables-save >/root/iptables.ipv6",
then you can reload the tables using
"iptables-restore </root/iptables.ipv4" and
"ip6tables-restore </root/iptables.ipv6"
Note that a save does not save the state of /proc/sys/net variables
(like /proc/sys/net/ipv4/ip_forward), and consequently restore doesn't
change the state of /proc/sys/net variables.
When I have written scripts to handle this sort of stuff, I handle
/proc/sys/net/ipv4/ip_forward and /proc/sys/net/ipv6/conf/*/forwarding
myself. To make a reload as atomic as possible, I first turn off
forwarding, then issue the two restore commands, then set the /proc
variables to their saved values.

On 6/25/21 2:30 PM, slow_speed@xxxxxxx wrote:
Thank you.
I do not believe it is something one would use a script for. Rather,
there should be a way to reload the information into memory without
having to reboot.

On 6/25/21 4:51 PM, David Hajes wrote:
On Debian I flushed all tables, including custom tables, and used to
run an iptables bash script before I moved to nftables. OpenBSD, same
strategy - flush and reload pf.conf,
if that is what you mean by reload.

On 25/06/2021 21:24, slow_speed@xxxxxxx wrote:
What is the preferred command to reload the current rules for
iptables? (Please include Debian environment, if distro-specific.)
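
The reload sequence Stephen Satchell describes in the thread above (save the forwarding switches, turn forwarding off, run both restore commands, put the saved values back), written out as an added example that is not code from any poster in the thread. The variable names, the `--run` argument and the decision to leave forwarding off when a restore fails are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. PROC_NET, RULES4/6 and RESTORE4/6 are assumptions of this
# sketch; they are overridable so the logic can be dry-run without root.
PROC_NET="${PROC_NET:-/proc/sys/net}"
RULES4="${RULES4:-/root/iptables.ipv4}"    # written earlier by iptables-save
RULES6="${RULES6:-/root/iptables.ipv6}"    # written earlier by ip6tables-save
RESTORE4="${RESTORE4:-iptables-restore}"
RESTORE6="${RESTORE6:-ip6tables-restore}"

# Print every forwarding switch: the IPv4 one plus each IPv6 conf/*/forwarding.
forwarding_files() {
    [ -f "$PROC_NET/ipv4/ip_forward" ] && echo "$PROC_NET/ipv4/ip_forward"
    for f in "$PROC_NET"/ipv6/conf/*/forwarding; do
        [ -f "$f" ] && echo "$f"
    done
    return 0
}

reload_rules() {
    state=$(mktemp) || return 1
    # 1. Record the current value of each switch, then turn forwarding off.
    forwarding_files | while IFS= read -r f; do
        printf '%s %s\n' "$(cat "$f")" "$f" >>"$state"
        echo 0 >"$f"
    done
    # 2. Load both rule sets while nothing is being forwarded.
    rc=0
    "$RESTORE4" <"$RULES4" || rc=1
    "$RESTORE6" <"$RULES6" || rc=1
    # 3. Put the saved values back only if both loads succeeded. Leaving
    #    forwarding off after a failed load is a choice made in this example.
    if [ "$rc" -eq 0 ]; then
        while read -r val f; do echo "$val" >"$f"; done <"$state"
    else
        echo "restore failed; forwarding left disabled" >&2
    fi
    rm -f "$state"
    return "$rc"
}

# Hypothetical entry point: run as root with "--run" to perform the reload.
if [ "${1:-}" = "--run" ]; then reload_rules; fi
```

For the iptables-persistent layout mentioned in the thread, set `RULES4=/etc/iptables/rules.v4` and `RULES6=/etc/iptables/rules.v6` in the environment.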