11 Feb
2020
11 Feb
'20
3:26 p.m.
Hi Silvio One general comment - your script uses the iptables command for each rule - this is extremely inefficient. This is probably not a big deal in your case but I'll mention it anyway. Far better way is to output the firewall in the same format as iptables-save uses, then simply use iptaples-restore to load the firewall rules - this reads the entire set of rules and ask the kernel to install them all in one shot. This is essentially just dropping the '$IPT' part for each rule plus a slightly different way to define chains and set the default policies. One way to see the format is simply to use iptables-save on existing firewall. This is the format used by iptables to save / restore rules. best gene