My iptables script contains many rules. Every time it runs, it flushes the old rules and reloads them so they don't stack. But since it takes a long time to run, I want to create a separate script to run only this rule.
```bash
# read list.txt line by line, so a pattern containing spaces stays one argument
while IFS= read -r string || [ -n "$string" ]; do
    [ -n "$string" ] || continue   # skip blank lines
    iptables -A FORWARD -m string --string "$string" --algo bm -j DROP
done < list.txt
```
So, what I need is to reload this rule, so that it takes the changes I made in "list.txt", but does not affect the rest of the iptables rules, which in another script were already loaded and running.
P.S.: someone HERE says to use "iptables -D". Example:
```bash
while IFS= read -r string || [ -n "$string" ]; do
    [ -n "$string" ] || continue   # skip blank lines
    # delete the old rule for this pattern, then append it again
    iptables -D FORWARD -m string --string "$string" --algo bm -j DROP
    iptables -A FORWARD -m string --string "$string" --algo bm -j DROP
done < list.txt
```
But I don't think this solution will work, and it seems strange to me.
Thanks
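One way to get a reload that touches nothing else, added here as an example and not code from the question or the answer: keep the string-match DROP rules in their own chain (assumed name STRDROP) that FORWARD jumps to once, so reloading flushes only that chain. `reload_chain` returns the number of rules loaded on stdout; IPTABLES, CHAIN and LIST are assumed environment overrides, and the top-level run only happens with RUN_RELOAD=1.

```shell
#!/bin/sh
# Reload only the string-match DROP rules by keeping them in a dedicated
# chain. "iptables -F <chain>" empties that chain alone; every other rule in
# FORWARD (and in the other chains) stays loaded and running.
IPTABLES="${IPTABLES:-iptables}"   # assumption: can be pointed at a wrapper
CHAIN="${CHAIN:-STRDROP}"          # assumption: dedicated chain name
LIST="${LIST:-list.txt}"           # one pattern per line, '#' lines ignored

# reload_chain LISTFILE CHAIN
# Rebuilds CHAIN from LISTFILE and prints how many DROP rules were loaded.
reload_chain() {
    list="$1"; chain="$2"; n=0
    "$IPTABLES" -N "$chain" 2>/dev/null || true   # no-op if it already exists
    "$IPTABLES" -F "$chain"                       # flush ONLY this chain
    # line-by-line read keeps patterns with spaces intact; the trailing test
    # also handles a last line without a newline
    while IFS= read -r pattern || [ -n "$pattern" ]; do
        case "$pattern" in ''|'#'*) continue ;; esac   # skip blanks/comments
        "$IPTABLES" -A "$chain" -m string --string "$pattern" --algo bm -j DROP
        n=$((n + 1))
    done < "$list"
    # make sure FORWARD jumps to the chain exactly once: -C checks for the
    # jump, -A appends it (same position the original -A FORWARD rules had)
    "$IPTABLES" -C FORWARD -j "$chain" 2>/dev/null \
        || "$IPTABLES" -A FORWARD -j "$chain"
    echo "$n"
}

if [ "${RUN_RELOAD:-0}" = 1 ]; then
    echo "loaded $(reload_chain "$LIST" "$CHAIN") string rules into $CHAIN"
fi
```

Because the jump from FORWARD is left in place, the only gap is the moment between `-F` and the first `-A` inside the chain, and the surrounding rules never see it.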
The Linux kernel rules are modified by the iptables command. If you flush all the rules and recreate them, there is a short time where there is no rule at all (and all the packets may be dropped). That is the principle of "reload" or "restart".
Using -D (Delete) will only delete one rule. -A will Append the new rule at the end. The other ones are not touched.
I don't understand your script: you remove a rule to re-add it at the end. If you have changed your file since the last time you ran the script, you will not remove all the existing rules (if they don't exist anymore in your file), as iptables will not find them.
Example: