On 15.02.2012 20:01, Genes MailLists wrote:
> On 02/15/2012 09:45 AM, "Jóhann B. Guðmundsson" wrote:
> 
>> Experienced admins don't use service iptables blah anyway (they use
>> iptables commands directly), so it hardly matters to them. Documentation
>> should however be updated for those that actually use service iptables
>> blah to point this out, so you should file a DOC bug for it.
>>
>   Actually, many experienced users directly create and put their rules
> file wherever the iptables service reads it from (historically it is
> /etc/sysconfig/iptables). Not sure if that has changed - if not, JBG is
> essentially right.
> 
>  For those still using the iptables command instead, to install the rules in
> the kernel one at a time, they can then use the iptables-save command to
> create a rules file from the already running firewall.
> 
>  But, note that installing rules into the kernel via iptables command
> one rule at a time is 2-3 orders of magnitude slower than creating the
> rules file and installing all the rules in one shot.

that's right, but if you have any error in your rules you get
a problem because in the worst case no firewall at all is active

doing it with a shell-script results only in failing one
rule with an error message and applying the other ones, timing
is usually not the problem if you don't have thousands of rules




-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
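
Added example (not part of the original messages): one way to keep the single-shot load from a rules file while checking the file for errors before anything is committed, using the --test option of iptables-restore. The function name load_rules_checked and the IPTABLES_RESTORE / IPTABLES_SAVE override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: parse-check a rules file before committing it.
# The two variables below are hypothetical overrides so the function can be
# exercised without root; by default the real tools are used.
: "${IPTABLES_RESTORE:=iptables-restore}"
: "${IPTABLES_SAVE:=iptables-save}"

# load_rules_checked FILE
#   returns 0  rules file loaded
#           1  file unreadable or rejected by --test; running ruleset untouched
#           2  commit failed after a clean test; previous ruleset re-applied
load_rules_checked() {
    rules=$1
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 1; }

    # --test only parses and constructs the ruleset, it does not commit it.
    if ! "$IPTABLES_RESTORE" --test < "$rules"; then
        echo "rules file rejected, running firewall left unchanged" >&2
        return 1
    fi

    # Keep a copy of the running ruleset in case the real commit still fails.
    backup=$(mktemp) || return 2
    "$IPTABLES_SAVE" > "$backup" || { rm -f "$backup"; return 2; }

    if "$IPTABLES_RESTORE" < "$rules"; then
        rm -f "$backup"
        return 0
    fi

    echo "commit failed, restoring previous ruleset" >&2
    "$IPTABLES_RESTORE" < "$backup"
    rm -f "$backup"
    return 2
}

# Typical call, as root:
#   load_rules_checked /etc/sysconfig/iptables
```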
