firewalld - A firewall daemon with D-BUS interface providing a dynamic firewall (test version)
Genes MailLists
lists at sapience.com
Sun Jan 2 19:15:36 UTC 2011
On 01/02/2011 11:56 AM, Dennis Jacobfeuerborn wrote:
>> I switched to iptables-restore and got 2 orders of magnitude speedup
>> (yes that is indeed over 100 times faster!!) - something to consider.
>
> I think iptables-restore uses libiptc to manipulate the rules. The problem
> is that according to the netfilter FAQ libiptc isn't officially supported
> but I asked about that on the mailing list. I've always wondered how to
> properly manipulate iptables rules from say C/C++ (or any "not shell"

Perhaps - but iptables-restore and iptables-save are what Fedora uses
when you run

    service iptables save / (re)start

so I assume that is supported.

The format is very straightforward, differing only in a minor way from
the line by line iptables command - the idea is that there is a single
user-to-kernel space rather than 1 per line.

Anyway, I use simple scripting to create the file in correct format -
in fact it is identical to the format you get by running service
iptables-save .. for obvious reasons :-) I just skip the 1 line per rule
entry followed by a service iptables save and instead - I just write
it in save format and reload.

This should work as long as service iptables save/start work.
gene/
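
The workflow described in this message (write the rules directly in save format, then load them in one pass), as an added example that is not from the original post. The function names, the port-list interface and the sample policy are assumptions.

```shell
#!/bin/sh
# Added example (constructed policy): emit a ruleset in iptables-save format.

# gen_ruleset PORT... -> prints a complete *filter table allowing the given
# inbound TCP ports. All ports are validated before anything is printed, so
# bad input never yields a half-written file.
gen_ruleset() {
    for p in "$@"; do
        case "$p" in
            ''|0*|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -le 65535 ] 2>/dev/null || { echo "bad port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Rule lines are the iptables command line minus the word "iptables".
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
    done
    echo 'COMMIT'
}

# check_ruleset FILE -> 0 only if every "*table" block is closed by COMMIT
# and every other line is a chain declaration, a rule, or a comment.
check_ruleset() {
    awk '
        /^#/ || /^[[:space:]]*$/ { next }
        /^\*/        { if (open) bad = 1; open = 1; tables++; next }
        /^COMMIT$/   { if (!open) bad = 1; open = 0; next }
        /^:/ || /^-/ { if (!open) bad = 1; next }
        { bad = 1 }
        END { exit (bad || open || tables == 0) }
    ' "$1"
}

# Typical use, as root (the table is applied at COMMIT, not rule by rule):
#   gen_ruleset 22 443 > rules.v4 && check_ruleset rules.v4 \
#     && iptables-restore --test < rules.v4 && iptables-restore < rules.v4
gen_ruleset 22 443
```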