service iptables save, systemctl, and unhelpful error messages

Petr Pisar ppisar at redhat.com
Thu Feb 16 08:52:10 UTC 2012


On 2012-02-15, Reindl Harald <h.reindl at thelounge.net> wrote:
> that's right, but if you have any error in your rules you get
> a problem because in the worst case no firewall at all is active
>
> doing it with a shell-script results only in failing one
> rule with an error-message and applying the other ones, timing
> is usually not the problem if you don't have thousands of rules
>
>
The iptables-restore format has a transaction system for this purpose. You can
create atomic updates consisting of more rules. This is even superior to
the iptables command.

-- Petr
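
The transactional update described in the reply above, as an added example that is not part of the original message: one table is written in iptables-restore format, parse-checked with `iptables-restore --test`, and only then loaded. The sample rules, the function names and the `IPT_RESTORE` override are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: atomic firewall update via the iptables-restore format.
# The rules below are constructed sample policy, not taken from the thread.

# Loader command; overridable (an assumption of this sketch) so the logic
# can be exercised without root.
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# Emit one table in iptables-restore format. Nothing between "*filter" and
# "COMMIT" reaches the kernel until COMMIT is processed.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Structural check: every "*table" section must be closed by its own COMMIT;
# a section without its COMMIT never gets committed.
tables_balanced() {
    awk '/^\*/      { if (open) bad = 1; open = 1 }
         /^COMMIT$/ { if (!open) bad = 1; open = 0 }
         END        { exit (bad || open) ? 1 : 0 }' "$1"
}

# Parse-check the file first, then load it. If any rule is invalid the load
# is refused and the running ruleset stays exactly as it was.
apply_ruleset() {
    rules_file=$1
    tables_balanced "$rules_file" || return 1
    if ! "$IPT_RESTORE" --test < "$rules_file"; then
        echo "ruleset rejected, running firewall unchanged" >&2
        return 1
    fi
    "$IPT_RESTORE" < "$rules_file"
}

# Typical use (needs root):
#   build_ruleset > /tmp/rules.v4 && apply_ruleset /tmp/rules.v4
```

Compare this with the rule-by-rule shell script from the quoted message: there a bad rule leaves a partially applied policy, here it leaves the previous policy in place.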


