Remote firewall maintenance, unless you're ABSOLUTELY, POSITIVELY sure about what you're doing, is risky. Once you lock yourself out, you're screwed.
Consider the source you list at the URL below:

http://www.iana.org/assignments/ipv4-address-space

The important thing to note is this line of text (line 3, specifically):

-----
(last updated 19 January 2006)
-----

Doesn't look like it changes daily. Which, to me, means you REALLY don't need to muck about with flushing/reloading your iptables firewall rules _daily_ to account for changes in this file. Heck, looks like once every six months would be more than frequent enough.
However, if you're going to be designing a firewall and you're going to want to have sets of rules that you want to change with any sort of frequency or automation, you need to carefully design the firewall with those rules in a separate chain that won't cause the firewall to spank itself should that chain be flushed. (Sorry for the run-on...) There is no canned approach to this, so crack open your shell scripting toolbox and have at it.
Gregory

On Aug 7, 2006, at 4:31 PM, [EMAIL PROTECTED] wrote:

> I have a need to restart my firewall every day or so and don't know if a few seconds of downtime will matter. Why? I want to deny reserved IP addresses at: www.iana.org/assignments/ipv4-address-space This list *CHANGES* so I must reconfigure firewall every day or so. :(
>
> Chris
> --
> [email protected]
> http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
-- Gregory K. Ruiz-Ade <[EMAIL PROTECTED]> OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
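One way to build the separate-chain layout Gregory describes above, as an added example that is not code from the thread: the reserved-range DROP rules live in their own chain, so a refresh flushes only that chain and never the INPUT rules that keep the admin session alive. The chain name RESERVED_SRC, the interface eth0 and the sample list are assumptions; the script only prints the iptables commands (a dry run).

```shell
#!/bin/sh
# Added example, not code from the thread: keep the reserved-range DROP
# rules in their own chain so a refresh flushes only that chain and never
# touches INPUT's policy or the rules that keep the admin session alive.
# Assumed names: chain RESERVED_SRC and external interface eth0.

CHAIN=RESERVED_SRC
IFACE=eth0

# Constructed sample of source blocks to drop, one CIDR per line.
# A real run would derive this from the IANA registry the thread links to.
SAMPLE_RESERVED='0.0.0.0/8
# 10/8 is private, so only refuse it on the external interface
10.0.0.0/8
127.0.0.0/8
240.0.0.0/4'

# One-time setup: create the chain and hook it in from INPUT. The jump
# rule lives in INPUT and is never flushed by refresh_rules.
setup_rules() {
    printf 'iptables -N %s\n' "$CHAIN"
    printf 'iptables -I INPUT 1 -i %s -j %s\n' "$IFACE" "$CHAIN"
}

# Refresh: flush ONLY the dedicated chain, then repopulate it from the
# list on stdin. Between the -F and the last -A the chain is briefly
# empty (fail-open for these ranges), never closed to the admin.
refresh_rules() {
    printf 'iptables -F %s\n' "$CHAIN"
    while IFS= read -r net; do
        case "$net" in
            ''|'#'*) continue ;;    # skip blank lines and comments
        esac
        printf 'iptables -A %s -s %s -j DROP\n' "$CHAIN" "$net"
    done
    printf 'iptables -A %s -j RETURN\n' "$CHAIN"   # back to INPUT
}

# Number of DROP rules a refresh of the list on stdin would install;
# a zero here means the list is empty or broken, so do not apply it.
count_drops() {
    refresh_rules | grep -c -- '-j DROP'
}

# Dry run: print the commands. Pipe the output into sh as root to apply.
setup_rules
printf '%s\n' "$SAMPLE_RESERVED" | refresh_rules
```

Run setup_rules once by hand; the scheduled job only needs the refresh, and checking count_drops before applying catches an empty download.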
