On 1/24/2011 10:59 AM, Mark Knecht wrote:
> On Mon, Jan 24, 2011 at 10:47 AM, Jarry <mr.ja...@gmail.com> wrote:
>> Hi,
>>
>> I have to change rather complex iptables rules on a server
>> and I do not want to lock myself out, as this server is about
>> 50 miles away. So how should I do it?
>>
>> I can back up the old rules by running:
>> /etc/init.d/iptables save
>> and they will be saved to /var/lib/iptables/rules-save
>> (some strange format starting with numbers like [536:119208])
>>
>> I prepared a script with the new (modified) iptables rules,
>> which I will run in bash. But in case I screw something up,
>> how could I force netfilter to load the old saved rules
>> if, for whatever reason, I cannot connect to the server (ssh)?
>>
>> Or can I load the new iptables rules for a certain time, and
>> then force netfilter to load the old rules back again?
>>
>> Jarry
>
>
> Maybe a cron job that no matter what reloads the old rules 1 hour later?
>
> - Mark


Yep, that's the way I do it. I'd test that the cron works correctly beforehand. Nothing worse than locking yourself out *and* realizing your cron has a path issue.

kashani
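The dead-man's-switch procedure Mark and kashani describe, written out as an added example (not code from this thread or from the Gentoo iptables init script). It saves the live ruleset with iptables-save, generates a rollback script that uses absolute paths only (the PATH trap kashani mentions), schedules that script with at(1) instead of a crontab entry because a one-shot job is what is wanted, applies the new rules, and expects the admin to cancel the pending job after re-establishing an SSH session. The backup directory, grace period and the variable names for the commands are hypothetical; the command variables exist so the logic can be exercised on a machine without root by pointing them at stand-ins.

```shell
#!/bin/sh
# Rollback-safe remote firewall change (added example, not the thread's own code).
# Hypothetical locations and names; command paths are variables so stand-ins
# can replace the real tools when exercising the logic without root.

IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"
AT="${AT:-at}"
ATRM="${ATRM:-atrm}"
BACKUP_DIR="${BACKUP_DIR:-/root/fw-backup}"   # hypothetical backup location
GRACE="${GRACE:-10}"                          # minutes until automatic rollback

# Save the live ruleset in iptables-save format; prints the backup path.
# The bracketed [packets:bytes] prefixes in that format are counters and are
# accepted by iptables-restore as-is.
backup_rules() {
    mkdir -p "$BACKUP_DIR" || return 1
    _file="$BACKUP_DIR/rules-$(date +%Y%m%d-%H%M%S).$$"
    "$IPTABLES_SAVE" > "$_file" || return 1
    # Refuse an empty backup: "restoring" it would flush every rule.
    [ -s "$_file" ] || { rm -f "$_file"; return 1; }
    echo "$_file"
}

# Generate the rollback script. Absolute paths only: the scheduler runs it
# with a minimal environment, so relying on PATH is exactly how a rollback
# job silently does nothing.
write_rollback() {
    _backup="$1"
    _restore=$(command -v "$IPTABLES_RESTORE") || return 1
    _script="$BACKUP_DIR/rollback.sh"
    printf '#!/bin/sh\n# Auto-generated: restore the pre-change ruleset.\n%s < %s\n' \
        "$_restore" "$_backup" > "$_script" || return 1
    chmod 700 "$_script"
    echo "$_script"
}

# Arm the switch: run the rollback script in GRACE minutes unless cancelled.
# Prints the at(1) job number (at reports "job N at <time>" on stderr).
arm_rollback() {
    _script="$1"
    echo "$_script" | "$AT" "now + $GRACE minutes" 2>&1 \
        | awk '/^job [0-9]+/ {print $2}'
}

# Cancel the pending rollback once a fresh SSH login has proven the new rules.
confirm_change() {
    "$ATRM" "$1"
}

# Whole procedure: back up, arm, apply. Prints the job number to cancel with
# confirm_change from a NEW session inside the grace period. If the rules
# script itself fails, restore immediately and drop the scheduled job.
change_rules() {
    _new="$1"        # script that installs the new rules, e.g. /root/new-rules.sh
    _backup=$(backup_rules) || return 1
    _script=$(write_rollback "$_backup") || return 1
    _job=$(arm_rollback "$_script") || return 1
    [ -n "$_job" ] || return 1
    if ! sh "$_new"; then
        "$IPTABLES_RESTORE" < "$_backup"
        "$ATRM" "$_job"
        return 1
    fi
    echo "$_job"
}
```

Usage on the server: `change_rules /root/new-rules.sh` prints a job number; open a second SSH connection (do not reuse the existing one, since established connections may survive a rule change that blocks new ones) and run `confirm_change <job>` before the grace period expires. Testing the armed job beforehand, as kashani advises, is as simple as letting it fire once with a harmless ruleset and checking that `atq` empties and the rules come back.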
