Hi folks,
We run a Linux-based product (RHEL4 based, kernel-2.6.9-55, and
iptables-1.2.11). During the running of the product, when we make
changes to the iptables configuration, we use the SysV-like RHEL script
"/etc/init.d/iptables restart", which effectively stops iptables,
unloads all of the iptables-based kernel modules, then starts iptables
and all the kernel stuff.
A colleague recently asked why we're not using "iptables-restore"
instead of the script which does "stop/start". I'm looking to see if
you know of any reasons why we should or should not use iptables-restore
vs. "stop/start". Does it matter if the number of connections on the
system is high? Our product can sometimes handle many millions of
connections per day.
Thanks.
...alex...
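The practical difference the question is about: "/etc/init.d/iptables restart" first flushes every chain and unloads the netfilter modules (including ip_conntrack, so all tracked connection state is discarded and there is a window with no rules loaded at all), then rebuilds from scratch. iptables-restore instead hands the kernel each table as one unit, so the old ruleset is replaced by the new one in a single swap per table and the connection-tracking table is left untouched. The script below is an added example, not code from the original post or from the RHEL init script: it wraps iptables-restore in the reload-with-rollback pattern a practitioner would want, validating the ruleset file first and restoring the previous rules (with counters, via -c) if the load fails. The file paths are placeholders; it assumes iptables-save and iptables-restore on PATH and must run as root to change anything.

```shell
#!/bin/sh
# Added example: atomic iptables reload with rollback, as an alternative
# to "/etc/init.d/iptables restart". Not the poster's code.
# Assumes: iptables-save / iptables-restore on PATH; NEW_RULES is a file
# in iptables-save format. Both paths below are placeholders.

NEW_RULES="${NEW_RULES:-/etc/sysconfig/iptables.new}"   # placeholder path
BACKUP="${BACKUP:-/tmp/iptables.rollback.$$}"           # placeholder path

# Sanity-check a ruleset file before handing it to iptables-restore:
# the file must contain at least one table header (*filter, *nat, ...),
# and every table must be closed by a COMMIT line. Returns 0 if OK.
validate_ruleset() {
    file="$1"
    awk '
        /^\*/      { if (open) bad = 1; open = 1; tables++ }
        /^COMMIT$/ { if (!open) bad = 1; open = 0 }
        END        { exit (bad || open || tables == 0) }
    ' "$file"
}

# Replace the live ruleset in one swap per table, keeping ip_conntrack
# state, and fall back to the previous rules if the new file is rejected.
# Returns 0 on success, 1 after a rollback, 2 if the file failed validation,
# 3 if the current rules could not be saved.
apply_ruleset() {
    file="$1"
    validate_ruleset "$file" || {
        echo "refusing to load malformed ruleset: $file" >&2
        return 2
    }
    # Snapshot the running rules and their counters for rollback.
    iptables-save -c > "$BACKUP" || return 3
    if iptables-restore -c < "$file"; then
        echo "ruleset loaded from $file"
        return 0
    fi
    echo "load failed, restoring previous ruleset from $BACKUP" >&2
    iptables-restore -c < "$BACKUP"
    return 1
}

# Usage (as root): sh reload.sh /path/to/new.rules
# With no argument the script only defines the functions above.
case "$1" in
    "") ;;
    *)  apply_ruleset "$1" ;;
esac
```

A rollback restores the rule text, but any packets that arrived during a failed load were already judged by the old ruleset, since iptables-restore only commits a table after the whole file parsed; the "stop" half of the init script has no such property.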