Re: Reload IPtables

Thank you for that very good explanation.

As it turns out, I am learning two ways at once.  One is my desktop computer running Debian 10 which used nftables (and I believe nftables-persistent is built-in to the nftables mechanism).  The other is a little Raspbian server which is based on Debian 10, but does not use nftables.

In the second case, one must reload iptables when changes are made to it.  If I correctly understand, one must use sudo iptables -F, followed by sudo iptables-restore < /etc/iptables.up.rules (or wherever they are).  Doesn't it need the little left arrow/less-than sign?  Does that sound correct?


On 6/27/21 2:11 PM, Kerin Millar wrote:
On Fri, 25 Jun 2021 19:47:02 -0400
slow_speed@xxxxxxx wrote:

Yes, that was exactly my initial question.  I couldn't agree more.

The issue was knowing the correct command to use to force the reload. I
remain unclear on that if my files are in either /etc/iptables.up.rules
or /etc/iptables/rules.v4.
Debian offers an iptables-persistent package which, if installed, will provide a plugin for their netfilter-persistent package. In turn, that implements a pseudo-service that is capable of automatically loading iptables rules from "/etc/iptables/rules.v4" upon being started, and saving them there upon being stopped. It does so by executing iptables-restore(8) and iptables-save(8) behind the scenes and the decision to use this particular location is an arbitrary one made by the Debian maintainers. As for "/etc/iptables.up.rules", it has no significance beyond serving as one example of how to manually deal with ruleset persistence, as far as the author of the https://wiki.debian.org/iptables article is concerned.

So, if you needed to manually (re)load an iptables ruleset that had previously been saved through the use of the iptables-persistent plugin, you might run `iptables-restore /etc/iptables/rules.v4` but it would probably be wiser to run `netfilter-persistent start` instead. For further information, refer to the netfilter-persistent(8) man page. On the other hand, should you choose not to use iptables-persistent, the decision of where exactly to save rulesets is yours to make. If in doubt, observe the conventions chosen by your distribution.
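The reload step discussed above (the reply's `iptables -F` followed by `iptables-restore < file`, and the pointer to `iptables-restore /etc/iptables/rules.v4`) as a small shell helper; this is an added example, not code from the thread or from Debian. It looks for the saved ruleset in either of the two locations named in the thread, sanity-checks the file, runs iptables-restore in parse-only mode (`--test`) before committing, and relies on iptables-restore replacing each table's contents itself rather than flushing first. The script name reload-iptables.sh and the IPTABLES_RESTORE override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Validates and reloads an
# iptables-save dump; the file name reload-iptables.sh and the
# IPTABLES_RESTORE override are assumptions of this example.
set -eu

# Loader command; override (e.g. IPTABLES_RESTORE=true) to exercise
# the logic without root or a netfilter-capable kernel.
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

# Print the first candidate that exists and is non-empty, e.g.
# find_ruleset /etc/iptables/rules.v4 /etc/iptables.up.rules
find_ruleset() {
    for f in "$@"; do
        if [ -s "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Cheap format check: an iptables-save dump has at least one table
# header such as "*filter" and a matching "COMMIT" line.
looks_like_ruleset() {
    grep -q '^\*[a-z]*$' "$1" && grep -q '^COMMIT$' "$1"
}

# Parse-only pass first (--test) so a typo in the file cannot leave the
# host with a half-applied ruleset. iptables-restore then replaces the
# contents of each table listed in the file in one step, so no prior
# "iptables -F" is needed; flushing first is what locks you out over
# SSH when the INPUT policy is DROP.
reload_ruleset() {
    file="$1"
    looks_like_ruleset "$file" || { echo "not an iptables-save dump: $file" >&2; return 1; }
    "$IPTABLES_RESTORE" --test < "$file" || { echo "syntax check failed: $file" >&2; return 1; }
    "$IPTABLES_RESTORE" < "$file"
}

main() {
    file=$(find_ruleset /etc/iptables/rules.v4 /etc/iptables.up.rules) \
        || { echo "no saved ruleset found" >&2; exit 1; }
    reload_ruleset "$file"
}

# Run only when executed as the script itself, not when sourced.
[ "${0##*/}" = "reload-iptables.sh" ] && main
```

Run it as root (`sudo ./reload-iptables.sh`); with iptables-persistent installed, `netfilter-persistent start` remains the packaged way to do the same thing.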