
Re: Optimizing Kernel for huge iptables ruleset



Alohá!

Jerome Vandenabeele wrote:

Have you tried to load your second ruleset with hipac?
http://www.hipac.org/

I was pointed to the iptables-save command, which outputs whole tables in one go and can naturally be piped into a file ('cat <file> | iptables-restore' will restore that table accordingly), rather than running a huge shell script that makes iptables retrieve the whole ruleset from kernelspace, update it and reinsert it for each rule (takes around 30 min for this list).

Unfortunately I am working with a dynamically assigned IP that is passed to the iptables script called in /etc/ppp/ip-up by pppd.

Now, the best tutorial ever <tm> http://iptables-tutorial.frozentux.net states that there are a few more or less clumsy workarounds: sed-ing the iptables-save file for the IPs and replacing them with the valid values for each connection cycle (every 24h), saving to a temp file and then iptables-restoring that table. While I can see that it is possible that way, I was still wondering whether there is a more elegant solution to this. Maybe this is it; I shall definitely have a look at it, thanks a lot!

best regards

Martin
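As an added example, not code from the original posts or from the iptables tutorial, here is one way to script the sed-then-iptables-restore workaround discussed above so that it can be called from /etc/ppp/ip-up. The positional arguments ($1 interface, $2 tty, $3 speed, $4 local IP, $5 remote IP, $6 ipparam) are those documented for ip-up in pppd(8); the template path, the @DYNIP@ placeholder token, the function names and the sample rules are assumptions made for this example. The template is what iptables-save produced once, with the then-current address replaced by the placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): re-render a saved iptables
# ruleset for a freshly assigned dynamic IP and load it with iptables-restore.
# Meant to be called from /etc/ppp/ip-up, where pppd passes
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam
# TEMPLATE path, PLACEHOLDER token and the sample rules are assumptions.

TEMPLATE="${TEMPLATE:-/etc/iptables/ruleset.template}"
PLACEHOLDER="@DYNIP@"

# Accept only a dotted quad with each octet in 0..255. Anything else is
# rejected before it can reach a sed expression or a firewall rule.
validate_ipv4() {
    echo "$1" | grep -Eq \
      '^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'
}

# Print the template with every placeholder replaced by the real address.
# A validated IPv4 address contains only digits and dots, which are literal
# on the replacement side of sed, so no further escaping is needed.
render_ruleset() {
    template="$1"
    ip="$2"
    validate_ipv4 "$ip" || { echo "render_ruleset: bad IP '$ip'" >&2; return 1; }
    sed "s/$PLACEHOLDER/$ip/g" "$template"
}

# Render to a temp file, refuse to load it if a placeholder survived, then
# hand the whole table to iptables-restore, which swaps it in as one unit.
apply_ruleset() {
    ip="$1"
    tmp=$(mktemp /tmp/iptables.XXXXXX) || return 1
    if ! render_ruleset "$TEMPLATE" "$ip" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    if grep -q "$PLACEHOLDER" "$tmp"; then
        echo "apply_ruleset: unreplaced $PLACEHOLDER in rendered rules" >&2
        rm -f "$tmp"
        return 1
    fi
    iptables-restore < "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample template (iptables-save format) so the rendering step
# can be exercised without root and without touching a live firewall.
make_sample_template() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d @DYNIP@ -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# When pppd invokes this script it supplies at least five arguments and the
# new local address is $4; when sourced or run by hand, do nothing.
if [ $# -ge 5 ]; then
    apply_ruleset "$4"
fi
```

Generate the template once with `iptables-save > /etc/iptables/ruleset.template` and replace the current address in it with @DYNIP@; after that each ip-up run costs one sed pass and one iptables-restore instead of a 30-minute rule-by-rule script. Only the rendered copy is ever loaded, and only if the address check and the placeholder check both pass, so a malformed argument leaves the previous ruleset untouched.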


