I really wish there were GOOD documentation on IPTables. It's hard to find a comprehensive list of modules, let alone really good examples on how to use them. IPTables is under-used, especially for system administration tasks. I run HAProxy, which doesn't do graceful restarts (like Apache/Nginx which has a master process that doesn't exit). So to prevent the OS from dropping packets when nobody is listening, I used IPTables to short-circuit HAProxy to the first backend. So new connections are temporarily 'shunted' while HAProxy is restarting. The only annoying bit is you have to guess how long before HAProxy is ready.
(Hey, does anyone remember a newsgroup (I think it was alt.hackers) where you had to not only figure out how to forge a post, but your post had to be about an interesting hack? Ah, the good old days before eternal September.)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds