Alexander Farber wrote on Sun, 24 Apr 2011 09:04:30 +0200:
> i.e. there is "sudo service iptables save", but I've yet to discover its usefulness
You can add rules on the fly and save them. For instance, I have a certain "starter script" with iptables rules and other filtering stuff grown over the years. I adapt that, put it on new machines and run it once. Then I save that and only add rules to it from the command line. If I know I want to keep them, I save them; otherwise I don't, and they will finally go away with the next reboot (e.g. abused mailservers or spambots usually last only for a few days). If there are rules that I want to keep for longer and/or distribute to other machines, I put them in the starter script.
Kai
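
An added example, not part of the original message: a small shell helper that lists the rules currently loaded but missing from the saved rule file, i.e. the ones that will disappear at the next reboot unless `service iptables save` is run. The function names and sample rules are constructed for illustration, and `/etc/sysconfig/iptables` is assumed to be the file the init script saves to (the RHEL/CentOS default).

```shell
#!/bin/sh
# Added example: show which live iptables rules are not in the saved file.
# On a real host (as root), assuming the RHEL/CentOS save location:
#   iptables-save > /tmp/running.rules
#   unsaved_rules /etc/sysconfig/iptables /tmp/running.rules

# unsaved_rules SAVED RUNNING
# Both files are in iptables-save format. Prints "table: rule" for every
# rule found in RUNNING but not in SAVED. The comparison is set-based:
# it ignores rule order, comment lines and chain policy counters.
unsaved_rules() {
    awk '
        /^\*/   { table = substr($0, 2); next }  # "*filter" starts a table
        !/^-A / { next }                         # skip comments, policies, COMMIT
                { rule = table ": " $0 }
        FILENAME == ARGV[1] { saved[rule] = 1; next }
        !(rule in saved)    { print rule }
    ' "$1" "$2"
}

# Constructed sample: the state after running the starter script and saving.
sample_saved() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same host after one on-the-fly block was inserted
# from the command line and not saved.
sample_running() {
    sample_saved | awk '{ print }
        /^:OUTPUT/ { print "-A INPUT -s 192.0.2.45/32 -j DROP" }'
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_saved > "$dir/saved"
    sample_running > "$dir/running"
    unsaved_rules "$dir/saved" "$dir/running"
    rm -rf "$dir"
}

demo
```

Anything it prints is either a temporary block that can be left to expire with the next reboot or a rule worth saving or moving into the starter script.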