Ping a Specific Port

Question

mighq

Asked: 2013-03-29 07:29:41 +0800 CST2013-03-29 07:29:41 +0800 CST 2013-03-29 07:29:41 +0800 CST

clever way to update iptables firewall without clearing the counters

772

can I somehow reload firewall rules using iptables-save definition, without clearing the current runtime version counters? I want some way to only add and remove different rules and keep the old ones in place with counters intact. iptables-restore -n is not clever enough.

has anyone solved this issue before?

my monitoring is bound to firewall rules and counters and clearing them makes big spike in rrdtool charts, because rrdtool thinks it is integer overflow, not firewall update.

1 Answers

Voted

Zoredache · Answer 1 · 2013-03-29T08:34:24+08:00

Zoredache

2013-03-29T08:34:24+08:002013-03-29T08:34:24+08:00

There are many options, you just need to change how to manage the firewall.

A couple ideas

Don't 'reload' the firewall. Issue commands to add/insert/remove rules as required.
Re factor your firewall so the counters are in a separate chain from the filtering rules. Don't flush/update that particular chain.
Use iptables-save to export the current rules, update the exported rule set, and restore them.
As @gparent suggested use the something to save the counters, and then use the -c option to restore them during a reload.

1

clever way to update iptables firewall without clearing the counters

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?