--On Wednesday, June 06, 2007 6:02 PM -0700 Al Sparks data345@yahoo.com wrote:
Strangely enough, that's not reflected in the # iptables -L output.
The sysconfig file shows what will be loaded on boot. To see the same information about what's in memory, use iptables-save. That's what's used by the initscript to save to the sysconfig file. It normally outputs to standard output, and the initscript redirects it to the sysconfig file.
BTW, if you have lots of rules, it's more efficient to load them with iptables-restore than individual iptables commands, because the -restore variant loads them all with one kernel operation, and hence only one locking of the table.
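Added example, not part of the original message: a shell script for the comparison described above, diffing the saved boot-time file against an `iptables-save` dump of the in-memory rules. The function names, the `--check` argument and the sample rules are constructed for this example, and `/etc/sysconfig/iptables` is assumed as the Red Hat-style location of the sysconfig file.

```shell
#!/bin/sh
# Added example: detect drift between the saved ruleset and the one in memory.

# Drop what differs between two dumps of an identical ruleset: the
# "# Generated by"/"# Completed on" comments and the [packets:bytes] counters.
normalize_ruleset() {
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\][[:space:]]*//' \
        -e 's/[[:space:]]*$//'
}

# ruleset_drift SAVED LIVE: print a unified diff; return 0 if equal, 1 if not.
ruleset_drift() {
    d=$(mktemp -d) || return 2
    normalize_ruleset < "$1" > "$d/saved"
    normalize_ruleset < "$2" > "$d/live"
    rc=0
    diff -u "$d/saved" "$d/live" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Constructed sample data: the live dump carries one rule the saved file lacks.
demo_drift() {
    s=$(mktemp -d) || return 2
    printf '%s\n' '# Generated by iptables-save (constructed sample)' '*filter' \
        ':INPUT DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' > "$s/saved"
    printf '%s\n' '*filter' ':INPUT DROP [52:4160]' ':OUTPUT ACCEPT [40:3520]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT' 'COMMIT' > "$s/live"
    r=0
    ruleset_drift "$s/saved" "$s/live" || r=$?
    rm -rf "$s"
    return "$r"
}

# Live check, run as root: script.sh --check [saved-file]
if [ "${1:-}" = "--check" ]; then
    live=$(mktemp) || exit 2
    iptables-save > "$live" || exit 2
    r=0
    ruleset_drift "${2:-/etc/sysconfig/iptables}" "$live" || r=$?
    rm -f "$live"
    exit "$r"
fi
```

A non-zero exit from `--check` means the running rules would not survive a reboot as they are, or that the saved file has been edited without being loaded.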