Re: [Fwbuilder-discussion] incremental iptables rules changes
From: Luc P. <pau...@gm...> - 2010-10-23 02:34:20
2010/10/22 Mike Slifcak <sl...@be...>

> Has anyone successfully used Firewall Builder in Linux iptables
> environments where the action of inserting or removing rules must not
> affect existing connections? Can you share what you had to do to make
> that happen?
>
> Regards,
> -Mike Slifcak

Hi Mike,

When you reload your firewall script with new/remove script, current active connections shouldn't be affected. Current active connections will keep flowing through the firewall; however, new connections will fail.

In our production environment we do firewall rule updates on a frequent basis and no one has complained about an issue so far. The time it takes when relaunching the script is so small that people don't even notice that the firewall's rules got reloaded.

--
    !!!!!
   ( o o )
--------------oOO----(_)----OOo--------------
Luc Paulin | paulinster(at)gmail.com