On Mon, Jan 24, 2011 at 10:47 AM, Jarry <mr.ja...@gmail.com> wrote:
> Hi,
>
> I have to change rather complex iptables rules on server
> and I do not want to lock me out as this server is about
> 50 miles away. So how should I do it?
>
> I can back up the old rules by running:
> /etc/init.d/iptables save
> and it will be saved to /var/lib/iptables/rules-save
> (some strange format starting with number like [536:119208])
>
> I prepared a script with new (modified) iptables-rules,
> which I will run in bash. But in case I screw something,
> how could I force netfilter to load old saved rules,
> if I for whatever reason do not connect to server (ssh)?
>
> Or can I load new iptables-rules for certain time, and
> then force netfilter to load back the old rules again?
>
> Jarry
>

Maybe a cron job that no matter what reloads the old rules 1 hour later?

- Mark
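
A timed rollback along the lines discussed in this thread, as an added example that is not part of either message: it snapshots the running rules with iptables-save, starts a background timer that feeds them back to iptables-restore, and only cancels the timer when you confirm from a fresh SSH login. The paths, variable names and the apply/confirm subcommands are assumptions; the 3600-second default mirrors the one hour suggested above.

```sh
#!/bin/sh
# Added example: timed rollback for a remote iptables change.
# Assumed names: BACKUP, PIDFILE, SAVE_CMD and RESTORE_CMD are illustrative.
SAVE_CMD=${SAVE_CMD:-iptables-save}
RESTORE_CMD=${RESTORE_CMD:-iptables-restore}
BACKUP=${BACKUP:-/root/iptables.known-good}
PIDFILE=${PIDFILE:-/run/iptables-rollback.pid}

# Snapshot the running ruleset, then start a timer that restores it.
arm_rollback() {
    ( umask 077; $SAVE_CMD > "$BACKUP" ) || return 1
    [ -s "$BACKUP" ] || return 1      # never arm with an empty snapshot
    # Ignore SIGHUP so the timer survives the ssh session dying.
    ( trap '' HUP
      sleep "$1"
      $RESTORE_CMD < "$BACKUP"
      rm -f "$PIDFILE" ) </dev/null >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Cancel the pending restore; run it from a NEW ssh login, which proves
# the new rules still let you in.
disarm_rollback() {
    [ -f "$PIDFILE" ] || return 1
    kill "$(cat "$PIDFILE")" 2>/dev/null
    rm -f "$PIDFILE"
}

# Arm first, then run the new rules script; abort if the snapshot failed.
apply_new_rules() {
    arm_rollback "$2" || { echo "could not save current rules" >&2; return 1; }
    bash "$1"
}

# Usage: script apply ./new-rules.sh 3600   |   script confirm
case "${1:-}" in
    apply)   apply_new_rules "$2" "${3:-3600}" ;;
    confirm) disarm_rollback ;;
esac
```

If the confirm step never happens, the old rules come back on their own once the delay expires.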