[CentOS] iptables local forwarding

[Tom Brown]

> AFAIK, "service iptables restart" does not cut off current
> connections. The stateful connections are kept by the conntrack
> module, which I believe will not be cleared on a restart of iptables,
> and "service iptables restart" also uses iptables-restore, which does
> the changes atomically instead of one by one.
>
> However, don't blindly follow what I'm saying here, this is all from
> memory and I might be wrong. If you really need to know it, verify it
> on a test environment before you do it on the production one.
>
>
>   

yes of course - thanks for all assistance