Michael O'Keefe wrote:
> [EMAIL PROTECTED] wrote:
>> I have a need to restart my firewall every day or so and don't
>> know if a few seconds of downtime will matter.
>>
>> Why? I want to deny reserved IP addresses at:
>>
>> www.iana.org/assignments/ipv4-address-space
>>
>> This list *CHANGES* so I must reconfigure firewall every day or so. :(
>
> You have to restart it to apply changes ?
> I'd look at your update process/procedure !
> That doesn't sound right
>

In case the box is basically a router, you can simply

    echo 0 > /proc/sys/net/ipv4/ip_forward

then do iptables stuff, then

    echo 1 > /proc/sys/net/ipv4/ip_forward

That assumes you have ssh access (unaffected by iptables or forwarding)
for your manual manipulations, or that you have a _reliable_ script.

It is common to embed ip_forward switch off & on operations within
iptables startup/shutdown scripts. Perhaps your tools already have them?

Of course if it's also a server, then there's likely more to it.

..jim

-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
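
Added example, not part of the original message: one way to script the off/reload/on sequence described above so that a failed rule load leaves forwarding disabled instead of routing through a half-built rule set. The names FORWARD_SWITCH, RULES_LOADER and reload_firewall, and the loader path, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: reload firewall rules with forwarding switched off meanwhile.
# FORWARD_SWITCH and RULES_LOADER are hypothetical overrides so the logic can
# be exercised without root; the loader path below is a placeholder.
FORWARD_SWITCH="${FORWARD_SWITCH:-/proc/sys/net/ipv4/ip_forward}"
RULES_LOADER="${RULES_LOADER:-/etc/firewall/load-rules.sh}"

reload_firewall() {
    # Remember whether the box was forwarding before we touched anything.
    previous=$(cat "$FORWARD_SWITCH") || return 2

    # Stop routing first so no packet crosses a partially loaded rule set.
    echo 0 > "$FORWARD_SWITCH" || return 2

    # Run the site's own iptables commands (the "iptables stuff").
    if ! "$RULES_LOADER"; then
        # Fail closed: the rules are in an unknown state, so forwarding
        # stays off until someone fixes them and reruns the reload.
        echo "rule load failed; forwarding left disabled" >&2
        return 1
    fi

    # Rules are complete; put forwarding back the way it was.
    echo "$previous" > "$FORWARD_SWITCH" || return 2
}

# Apply for real only when asked to: sh reload-fw.sh --apply
if [ "${1:-}" = "--apply" ]; then
    reload_firewall
    exit $?
fi
```

The earlier forwarding state is restored rather than forced to 1, so a box that was deliberately not forwarding stays that way after a reload.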
