Am 26.06.21 um 09:19 schrieb David Hajes:
now you know why I use own scripts that are portable to any
Linux/OpenBSD/BSD-like machine
sounds like a terrible mess with a ton of conditions which only works
with a simple ruleset
I have never used iptable-save/restore in my life...it doesn't handle
variables like "ip_forward" for example and there is more to setup.
it's not it's job to handle sysctl
that belongs into a different file and running the iptables-script at
boot is a terrible idea because it's slow an non-atomic
the only time when you should run a complex script is when you change
something and not at boot time where you simply restore the last state
/usr/sbin/ipset -file /etc/sysconfig/ipset restore
/usr/sbin/iptables-nft-restore /etc/sysconfig/iptables
/usr/sbin/sysctl -q --load=/etc/sysctl*.conf
that way first all rules are loaded atomic and *then* "ip_forward" and
friends are set to avoid a leak at boot
why would you reboot machine just because you need reload firewall?
it seems to me that you need to learn basics of firewalling and Linux
management.
On 26/06/2021 01:47, slow_speed@xxxxxxx wrote:
Yes, that was exactly my initial question. I couldn't agree more.
The issue was knowing the correct command to use force the reload. I
remain unclear on that if my files are in either
/etc/iptables.up.rules or /etc/iptables/rules.v4.
On 6/25/21 7:43 PM, Reindl Harald wrote:
Am 25.06.21 um 23:30 schrieb slow_speed@xxxxxxx:
I do not believe it is something one would use a script for. Rather,
there should be a way to reload the information into memory without
having to reboot.
why would you ever reboot a linux system for something trivial than
exchange, reset or realod iptables?
* you have your ruleset
* you have saved it
* just load it
"/usr/sbin/iptables-nft-restore /etc/sysconfig/iptables" or
"iptables-restore" or "iptables-legacy-restore"
there is no difference doing that at boot or any moment in time
On 6/25/21 4:51 PM, David Hajes wrote:
on Debian I flushed all tables including custom tables and used to
run iptables bash script before I moved to nftables. OpenBSD same
strategy - flush and reload pf.conf
if that is what you mean by reload.
On 25/06/2021 21:24, slow_speed@xxxxxxx wrote:
What is the preferred command to reload the current rules for
iptables? (Please include Debian environment, if distro-specific.)