Re: Reload IPtables


 



On 6/27/21 11:32 AM, slow_speed@xxxxxxx wrote:
> As it turns out, I am learning two ways at once.  One is my desktop computer running Debian 10 which used nftables (and I believe nftables-persistent is built-in to the nftables mechanism).  The other is a little Raspbian server which is based on Debian 10, but does not use nftables.

I've only got started with nftables, which is why I bought the latest 
edition of Linux Firewalls.  In particular, I wanted to duplicate 
reverse packet filtering, but in both IPv4 and IPv6.  So I don't know 
the toolset for nft yet.

> In the second case, one must reload iptables when changes are made to it.  If I correctly understand, one must use sudo iptables -F, followed by sudo iptables-restore < /etc/iptables.up.rules (or wherever they are).  Doesn't it need the little left arrow/less-than sign?  Does that sound correct?

Yes.  What you are doing with iptables-restore (and ip6tables-restore) 
is presenting the contents of a file originally created by 
ip[6]tables-save to stdin of the -restore programs.

By the way, if I'm reading the man page correctly, ip[6]tables-restore 
does the -F for you, unless you tell it not to.  You can also restore 
only a single table from the collected rules.  Details on the man page.
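
The reload described above, as an added example that is not part of the original message: a pre-flight check on an ip[6]tables-save file followed by a parse-only `--test` run and then the real load, with no separate `iptables -F`. The function names and the `RESTORE` override are assumptions of this example, and the rules path is whatever file you saved to.

```shell
#!/bin/sh
# Added example: check an iptables-save file, then reload it.
# RESTORE is overridable (assumption of this example), e.g.
# RESTORE=ip6tables-restore for the IPv6 rules file.
RESTORE="${RESTORE:-iptables-restore}"

# Print the tables named in a save file ("*filter", "*nat", ...), one per
# line. By default these are the tables the restore flushes and rebuilds.
tables_in_file() {
    sed -n 's/^\*\([a-z]*\)[[:space:]]*$/\1/p' "$1"
}

# Succeed only if every "*table" block is closed by its own COMMIT line,
# which catches a truncated or hand-edited file before it is loaded.
blocks_complete() {
    awk '
        /^\*/                  { if (inblk) bad = 1; inblk = 1; next }
        /^COMMIT[[:space:]]*$/ { if (!inblk) bad = 1; inblk = 0; next }
        END                    { if (bad || inblk) exit 1 }
    ' "$1"
}

# Parse-check with --test (nothing is committed), then load for real.
# The file goes in on stdin, hence the "<". The flush is implicit
# unless --noflush is given.
reload_rules() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    blocks_complete "$file" || { echo "unterminated table in $file" >&2; return 3; }
    $RESTORE --test < "$file" || { echo "$file failed --test" >&2; return 4; }
    $RESTORE < "$file"
}
```

Run as root, for example `reload_rules /etc/iptables.up.rules`; `tables_in_file` shows beforehand which tables the load will replace.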

