[arch-general] Iptables
Genes Lists
lists at sapience.com
Tue Feb 11 14:26:52 UTC 2020
Hi Silvio
One general comment - your script uses the iptables command for each
rule - this is extremely inefficient. This is probably not a big deal in
your case but I'll mention it anyway.
A far better way is to output the firewall in the same format as
iptables-save uses, then simply use iptables-restore to load the
firewall rules - this reads the entire set of rules and asks the kernel
to install them all in one shot. This is essentially just dropping the
'$IPT' part for each rule plus a slightly different way to define chains
and set the default policies.
One way to see the format is simply to use iptables-save on an existing
firewall. This is the format used by iptables to save / restore rules.
best
gene