# after making changes to ipf.conf:
# /etc/init.d/ipfboot reload
#
# or via brute force:
# /etc/init.d/ipfboot stop; sleep 1; /etc/init.d/ipfboot start
if you reload instead of stop/start, states are not killed.
see the ipf.tar.gz source file for the complete ipfboot script. but the important piece is:
[...]
reload)
        if [ -r ${IPFILCONF} ]; then
                ipf -I -Fa -f ${IPFILCONF}
[...]

i also suggest reading the output of "man -s 8 ipf".
jim
rmkml wrote:
Hi Martynas,
If you stop and start (or restart),
ipfilter loses state information ...
If you keep state:
A) Save state in file ????? (and reload of course)
B) wait for ipfilter v4
C) Add temporarily in your rules: flags A (accept all packets with tcp flags Ack)
A): http://false.net/ipfilter/2001_06/0292.html
Regards
Martynas Buozis wrote:
Hello
I have rules like :
block out log quick all head 100
pass out quick proto tcp all flags S keep state keep frags group 100
pass out quick proto udp all keep state keep frags group 100
pass out quick proto icmp all keep state keep frags group 100
If I restart ipf - states are lost and all existing outgoing network connections are lost. Is there a way to restart (stop and start after some time) ipf with rules above not losing already existing connections?
Thank you for your help.
WBR Martynas
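
Added example, not part of the thread and not the ipfboot script itself: a reload helper built around the `ipf -I -Fa -f` line quoted above, so that existing `keep state` connections survive a rule change. The function name `ipf_reload`, its return codes, the `ipf -n` parse check and the final `ipf -s` swap are assumptions added here; the [...] parts of ipfboot are not reproduced.

```shell
#!/bin/sh
# Added example: reload IPFilter rules without stopping the filter,
# so the state table built by "keep state" rules is left alone.
# Usage (as root): ipf_reload /path/to/ipf.conf

ipf_reload() {
    conf="$1"

    # Same readability guard as the ipfboot fragment quoted in the thread.
    if [ ! -r "$conf" ]; then
        echo "ipf_reload: cannot read rules file: $conf" >&2
        return 2
    fi

    # Step 1 (added check): parse the file with -n, which makes no
    # kernel changes. A typo stops here and the running rules stay put.
    if ! ipf -n -f "$conf"; then
        echo "ipf_reload: syntax check failed, active rules unchanged" >&2
        return 3
    fi

    # Step 2 (line from the thread): -I selects the inactive rule set,
    # -Fa flushes its rules, -f loads the new file into it.
    # -Fa removes filter rules only; state entries are not touched.
    if ! ipf -I -Fa -f "$conf"; then
        echo "ipf_reload: load into inactive set failed" >&2
        return 4
    fi

    # Step 3 (assumed follow-up): swap inactive and active sets so the
    # new rules take effect in one step, with no window of empty rules.
    if ! ipf -s; then
        echo "ipf_reload: swap failed, old rules still active" >&2
        return 5
    fi

    echo "ipf_reload: new rules active, state table preserved"
    return 0
}
```
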
