I am working on setting up a firewall on a server/router (see http://wiki.debian.org/green/Router ). I have considered several different firewall packages, but am more comfortable just running iptables in a shell script. However, iptables scripts usually begin with a flush, and then it takes time to add all those rules, plus some possible interruption to traffic meanwhile. What about if only a small change has been made? Does iptables-restore flush first, or is it able to just change the rule set as necessary to match? (And is there a term used to describe that feature?) If iptables-restore does not support that, does anyone know of another tool (available the repositories) that I can use that would allow me to write a parseable iptables rule set? Thanks.
Attachment:
signature.asc
Description: Digital signature