[CentOS] iptables local forwarding

Thu Oct 23 14:28:53 UTC 2008
Filipe Brandenburger <filbranden at gmail.com>

Hi,

On Thu, Oct 23, 2008 at 10:01, Tom Brown <tom at ng23.net> wrote:
> thanks - once added do I need to do anything to make these 'live'? I
> imagine that an iptables restart will cut off current connections? Is there
> not a 'reload' or similar?

AFAIK, "service iptables restart" does not cut off current
connections. The stateful connections are kept by the conntrack
module, which I believe will not be cleared on a restart of iptables,
and "service iptables restart" also uses iptables-restore, which does
the changes atomically instead of one by one.

However, don't blindly follow what I'm saying here, this is all from
memory and I might be wrong. If you really need to know it, verify it
on a test environment before you do it on the production one.

HTH,
Filipe
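
One way to run the test-environment check suggested above, as an added example that is not part of the original post: compare conntrack snapshots taken before and after the restart and list the ESTABLISHED TCP flows that disappeared. The function names, file names and sample entries are constructed, and the snapshot format is assumed to be that of /proc/net/ip_conntrack, /proc/net/nf_conntrack or "conntrack -L".

```shell
#!/bin/sh
# Added example, not from the original post. Names are hypothetical.
# On the test box the snapshots would be taken with, for example:
#   cat /proc/net/ip_conntrack > before.txt    (or: conntrack -L)
#   service iptables restart
#   cat /proc/net/ip_conntrack > after.txt

# flow_keys FILE: print "src:sport->dst:dport" for each ESTABLISHED TCP
# entry, using the first (original-direction) tuple on the line.
flow_keys() {
    awk '/(^|[ \t])tcp[ \t]/ && /ESTABLISHED/ {
        src = dst = sp = dp = ""
        for (i = 1; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/)   src = substr($i, 5)
            if (dst == "" && $i ~ /^dst=/)   dst = substr($i, 5)
            if (sp  == "" && $i ~ /^sport=/) sp  = substr($i, 7)
            if (dp  == "" && $i ~ /^dport=/) dp  = substr($i, 7)
        }
        print src ":" sp "->" dst ":" dp
    }' "$1" | LC_ALL=C sort -u
}

# lost_flows BEFORE AFTER: flows tracked in BEFORE but missing from AFTER.
lost_flows() {
    b=$(mktemp) a=$(mktemp)
    flow_keys "$1" > "$b"; flow_keys "$2" > "$a"
    LC_ALL=C comm -23 "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample snapshots (documentation addresses, not real captures).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/before.txt" <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=51234 dport=22 packets=40 bytes=4000 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=51234 packets=38 bytes=5200 [ASSURED] mark=0 use=1
tcp      6 431800 ESTABLISHED src=192.0.2.20 dst=192.0.2.1 sport=40000 dport=80 packets=12 bytes=900 src=192.0.2.1 dst=192.0.2.20 sport=80 dport=40000 packets=10 bytes=8000 [ASSURED] mark=0 use=1
tcp      6 100 TIME_WAIT src=192.0.2.21 dst=192.0.2.1 sport=40001 dport=80 packets=6 bytes=400 src=192.0.2.1 dst=192.0.2.21 sport=80 dport=40001 packets=5 bytes=700 [ASSURED] mark=0 use=1
udp      17 25 src=192.0.2.30 dst=192.0.2.1 sport=5353 dport=53 packets=1 bytes=70 src=192.0.2.1 dst=192.0.2.30 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1
EOF
cat > "$SAMPLE_DIR/after.txt" <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=51234 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] mark=0 use=2
EOF

# prints 192.0.2.20:40000->192.0.2.1:80
lost_flows "$SAMPLE_DIR/before.txt" "$SAMPLE_DIR/after.txt"
```

Empty output means every ESTABLISHED flow in the first snapshot was still tracked in the second.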