On Thu, Mar 07, 2002 at 11:24:25AM +0100, Allan Sandfeld Jensen wrote:
> Is it possible to do atomic updates of netfilter-rules?
> I.e something like:
> iptables lock
> iptables -F
> iptables -A ..
> iptables -A ..
> ..
> iptables unlock
>
> It would be even nicer, if this could be done without throwing all packets
> that arrive in the meantime out.

use "iptables-restore --noflush" and pipe your rules to stdin. for the format
of the transactions see the output of iptables-save

> greetings
> `Allan

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
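
The approach from the reply above, as an added example that is not part of the original mail: a script that builds one transaction in iptables-save format, checks that it is well formed, and only then pipes it to `iptables-restore --noflush`. The function names and the ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, ports are constructed samples.

# Emit one filter-table transaction in iptables-save format.
# Arguments: TCP destination ports to accept on INPUT.
build_ruleset() {
    echo '*filter'
    for port in "$@"; do
        # Reject anything that is not a plain number, so an argument
        # cannot smuggle extra rule text into the transaction.
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        echo "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    # The table's rules are applied when its COMMIT line is read.
    echo 'COMMIT'
}

# Return 0 only if stdin is a well-formed transaction: every "*table" line
# is closed by COMMIT, and chain/rule lines occur only inside a table.
validate_transaction() {
    awk '
        /^#/ || /^[ \t]*$/ { next }
        /^\*/       { if (in_table) bad = 1; in_table = 1; tables++; next }
        /^COMMIT$/  { if (!in_table) bad = 1; in_table = 0; next }
        /^:/ || /^-/ { if (!in_table) bad = 1; next }
        { bad = 1 }
        END { exit (bad || in_table || tables == 0) ? 1 : 0 }
    '
}

# Validate first, then hand the whole transaction to iptables-restore on
# stdin. --noflush leaves the rules that are already loaded in place.
# Needs root, so this function is defined here but not called.
apply_ruleset() {
    rules=$(build_ruleset "$@") || return 1
    printf '%s\n' "$rules" | validate_transaction || {
        echo 'refusing malformed ruleset' >&2
        return 1
    }
    printf '%s\n' "$rules" | iptables-restore --noflush
}

# Show the transaction that would be loaded for the sample ports.
build_ruleset 22 443
```

Running `apply_ruleset 22 443` as root loads the same transaction; compare the generated text with the output of `iptables-save` on the target host before relying on it.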
