On 6/27/21 7:56 AM, slow_speed@xxxxxxx wrote:
A most fundamental part of learning is asking questions. That is what
I'm doing here.
And I'd still like some verification of the exact command to reload the
tables.
iptables-reload
ip6tables-reload
I explained about the usage of these two programs. The man pages
describe all the options.
From my previous e-mail:
Assuming that you have previously used
"iptables-save >/root/iptables.ipv4" and
"ip6tables-save >/root/iptables.ipv6",
then you can reload the tables using
"iptables-restore </root/iptables.ipv4" and
"ip6tables-restore </root/iptables.ipv6"
Note that a save does not save the state of /proc/sys/net variables (like /proc/sys/net/ipv4/ip_forward), and consequently restore doesn't change the state of /proc/sys/net variables.
When I have written scripts to handle this sort of stuff, I handle /proc/sys/net/ipv4/ip_forward and /proc/sys/net/ipv6/conf/*/forwarding myself. To make a reload as atomic as possible, I first turn off forwarding, then issue the two restore commands, then set the /proc variables to their saved values.
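The reload order described in the message above, as an added shell example (not the poster's own script). The variable names PROC_NET, RULES4, RULES6, RESTORE4 and RESTORE6 and both function names are assumptions, and leaving forwarding off when a restore fails is a choice made for this example.

```shell
#!/bin/sh
# Assumed, overridable names (not from the original e-mail); run as root.
PROC_NET="${PROC_NET:-/proc/sys/net}"
RULES4="${RULES4:-/root/iptables.ipv4}"
RULES6="${RULES6:-/root/iptables.ipv6}"
RESTORE4="${RESTORE4:-iptables-restore}"
RESTORE6="${RESTORE6:-ip6tables-restore}"

# List the forwarding switches: ipv4/ip_forward and ipv6/conf/*/forwarding.
forwarding_files() {
    for f in "$PROC_NET/ipv4/ip_forward" "$PROC_NET"/ipv6/conf/*/forwarding; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

reload_firewall() {
    state=$(mktemp) || return 1
    # 1. Save each current value as a "path value" line.
    forwarding_files | while IFS= read -r f; do
        printf '%s %s\n' "$f" "$(cat "$f")"
    done > "$state"
    # 2. Turn forwarding off so nothing is routed while the tables change.
    forwarding_files | while IFS= read -r f; do echo 0 > "$f"; done
    # 3. Load both saved rule sets. If either fails, stay fail-closed:
    #    forwarding remains off and the saved values are kept in $state.
    if ! { "$RESTORE4" < "$RULES4" && "$RESTORE6" < "$RULES6"; }; then
        echo "restore failed; forwarding left off, saved values in $state" >&2
        return 1
    fi
    # 4. Put the /proc variables back to their saved values.
    while read -r f v; do echo "$v" > "$f"; done < "$state"
    rm -f "$state"
}
```

Source the file and call `reload_firewall` as root; a non-zero return means the rules were not fully loaded and forwarding is still disabled.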