Home
sl0 edited this page Jun 6, 2013 · 4 revisions
We're on Linux.
We're root.
There is always something left to be done:
Each iptables command is applied to the kernel as a separate atomic operation, so inserting a large number of rules takes a long time. iptables-restore is an atomic operation as well, but it transfers a complete ruleset into the kernel at once. This saves a lot of time and CPU load, and the end result is the same. And here comes the news:
iptables_converter.py reads a shell script, e.g. firewall-commands, that contains iptables commands. The default filename is rules. Output goes to stdout; redirect it to a file, e.g. ruleset.
iptables_converter -s firewall-commands > ruleset
iptables-restore < ruleset
Have fun! sl0
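How such a conversion works in principle, as an added Python example that is not iptables_converter's own code. It assumes every command starts with a literal `iptables` (or a path to it), supports only `-t`, `-N`, `-P`, `-A` and `-I` on the filter and nat tables, and raises on anything else so that no firewall rule is silently lost; `convert`, `quote`, `BUILTIN` and `SAMPLE` are names made up for this example.

```python
import shlex

BUILTIN = {"filter": ["INPUT", "FORWARD", "OUTPUT"],  # built-in chains per table
           "nat": ["PREROUTING", "OUTPUT", "POSTROUTING"]}
SAMPLE = ("iptables -P INPUT DROP\n"  # constructed input, not from the page
          "iptables -A INPUT -p tcp --dport 22 -j ACCEPT\n"
          "iptables -I INPUT -i lo -j ACCEPT\n")

def quote(arg):  # double-quote arguments with whitespace, as iptables-save does
    if arg and not any(ch.isspace() or ch in '"\\' for ch in arg):
        return arg
    return '"' + arg.replace("\\", "\\\\").replace('"', '\\"') + '"'

def convert(script):
    """Added illustration, not the project's code: shell commands -> ruleset."""
    tables = {}  # table -> {chain: [policy, [rule, ...]]}
    for n, line in enumerate(script.splitlines(), 1):
        words = shlex.split(line, comments=True)
        if not words or words[0].rsplit("/", 1)[-1] != "iptables":
            continue  # blank, comment, or other shell command
        args, table = words[1:], "filter"
        if "-t" in args[:-1]:  # pull out the table selector
            i = args.index("-t")
            table = args[i + 1]
            del args[i:i + 2]
        if table not in BUILTIN or len(args) < 2:
            raise ValueError(f"line {n}: cannot convert {line!r}")
        chains = tables.setdefault(table, {c: ["ACCEPT", []] for c in BUILTIN[table]})
        op, chain, rest = args[0], args[1], args[2:]
        if op == "-N" and not rest:
            chains.setdefault(chain, ["-", []])
        elif op == "-P" and chain in BUILTIN[table] and len(rest) == 1:
            chains[chain][0] = rest[0]
        elif op in ("-A", "-I") and chain in chains:
            rules = chains[chain][1]
            pos = len(rules) if op == "-A" else 0
            if op == "-I" and rest and rest[0].isdigit():
                pos = int(rest.pop(0)) - 1  # -I CHAIN n is 1-based
            rules.insert(pos, " ".join(["-A", chain] + [quote(a) for a in rest]))
        else:  # fail closed: never silently drop a firewall command
            raise ValueError(f"line {n}: unsupported {line!r}")
    out = []
    for table, chains in tables.items():
        out += ["*" + table] + [f":{c} {p} [0:0]" for c, (p, _) in chains.items()]
        out += [r for _, rules in chains.values() for r in rules] + ["COMMIT"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```

Diff a converted ruleset against `iptables-save` output from a host configured by the original script before relying on it, since a rule that ends up missing or reordered changes what the firewall allows.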