
A Plumber's Wish List for Linux


Posted Oct 11, 2011 0:34 UTC (Tue) by nybble41 (subscriber, #55106)
In reply to: A Plumber's Wish List for Linux by fest3er
Parent article: A Plumber's Wish List for Linux

I'm hardly an expert on iptables, but it seems that, apart from using iptables-restore, you could also use an intermediate chain as a sort of "function pointer" to switch from the old rules to the new ones with a single update:

# set up the initial rules
iptables -N real-chain-1
iptables -A real-chain-1 ...

# create the indirect chain
iptables -N replaceable-chain
iptables -A replaceable-chain -g real-chain-1

# use it
iptables ... -j replaceable-chain

# later...

# set up the new rules
iptables -N real-chain-2
iptables -A real-chain-2 ...

# switch to the new rules
iptables -R replaceable-chain 1 -g real-chain-2

# clean up
iptables -F real-chain-1
iptables -X real-chain-1



A Plumber's Wish List for Linux

Posted Jul 20, 2012 18:31 UTC (Fri) by fest3er (guest, #60379)

Yes, that's generally possible. But it requires the chain name change to be tracked externally. (OK, I have to change the rule set again. Am I, right now, using chain_0 or chain_1?)
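
One way to handle the tracking question raised in this thread, as an added example that is not part of either comment: read the active target back from the indirect chain with `iptables -S` instead of remembering it. The function names, the `populate` callback and the two-slot `-1`/`-2` naming are assumptions for illustration.

```shell
#!/bin/sh
# Added example: swap the indirect chain between two slots without external state.

# Constructed sample of `iptables -S replaceable-chain` output (for offline checks).
SAMPLE_S_OUTPUT='-N replaceable-chain
-A replaceable-chain -g real-chain-1'

# Read `iptables -S CHAIN` output on stdin; print the -g target of its first rule.
active_target() {
    awk '$1 == "-A" { for (i = 3; i < NF; i++)
                          if ($i == "-g") { print $(i + 1); exit } }'
}

# Map the active slot name to the inactive one (…-1 <-> …-2).
next_target() {
    case "$1" in
        *-1) printf '%s\n' "${1%-1}-2" ;;
        *-2) printf '%s\n' "${1%-2}-1" ;;
        *)   return 1 ;;   # unknown naming: refuse rather than guess
    esac
}

# usage: swap_rules INDIRECT_CHAIN POPULATE_FN
# POPULATE_FN (hypothetical callback) receives the new chain name and appends
# the new rules to it with `iptables -A`.
swap_rules() {
    indirect=$1 populate=$2
    old=$(iptables -S "$indirect" | active_target)
    [ -n "$old" ] || return 1
    new=$(next_target "$old") || return 1
    # Create the inactive slot, or empty it if a failed run left it behind.
    iptables -N "$new" 2>/dev/null || iptables -F "$new" || return 1
    "$populate" "$new" || return 1
    # Single-rule update: traffic moves to the new chain only once it is complete.
    iptables -R "$indirect" 1 -g "$new" || return 1
    # The old slot is no longer referenced, so it can be flushed and deleted.
    iptables -F "$old" && iptables -X "$old"
}
```

If the populate step fails, the function returns before the `-R` update, so the old rules stay active.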

