ok thanks Jim,

but restart is not reload ...

and man 8 ipf is faster ...

Regard.



Jim Sandoz wrote:

> # after making changes to ipf.conf:
> # /etc/init.d/ipfboot reload
> #
> # or via brute force:
> # /etc/init.d/ipfboot stop; sleep 1; /etc/init.d/ipfboot start
>
> if you reload instead of stop/start, states are not killed.
>
> see the ipf.tar.gz source file for the complete ipfboot script.
> but the important piece is:
>
> [...]
> reload)
>                  if [ -r ${IPFILCONF} ]; then
>                          ipf -I -Fa -f ${IPFILCONF}
> [...]
>
> i also suggest reading the output of "man -s 8 ipf".
>
> jim
>
> rmkml wrote:
> > Hi Martynas,
> >
> > If you stop and start (or restart),
> >
> > ipfilter loses state information ...
> >
> > If you keep state :
> >
> > A) Save state in file ????? (and reload of course)
> >
> > B) wait ipfilter v4
> >
> > C) Add temporarily in your rules : flags A
> > (accept all packets with tcp flags Ack)
> >
> > A) : http://false.net/ipfilter/2001_06/0292.html
> >
> > Regard
> >
> >
> > Martynas Buozis wrote:
> >
> >
> >>Hello
> >>
> >>I have rules like :
> >>
> >>block out log quick all head 100
> >>pass out quick proto tcp all flags S keep state keep frags group 100
> >>pass out quick proto udp all keep state keep frags group 100
> >>pass out quick proto icmp all keep state keep frags group 100
> >>
> >>If I restart ipf - states are lost and all existing outgoing network
> >>connections are lost. Is there a way to restart (stop and start after
> >>some time) ipf with rules above not losing already existing connections ?
> >>
> >>Thank you for your help.
> >>
> >>WBR
> >>Martynas
> >
> >
