Hi,

On Thu, Oct 23, 2008 at 10:01, Tom Brown <tom at ng23.net> wrote:
> thanks - once added do i need to do anything to make these 'live' ? I
> imagine that a iptables restart will cut off current connections ? Is there
> not a 'reload' or similar?

AFAIK, "service iptables restart" does not cut off current connections. The stateful connections are kept by the conntrack module, which I believe will not be cleared on a restart of iptables, and "service iptables restart" also uses iptables-restore, which does the changes atomically instead of one by one.

However, don't blindly follow what I'm saying here, this is all from memory and I might be wrong. If you really need to know it, verify it on a test environment before you do it on the production one.

HTH,
Filipe
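One way to do the test-environment check suggested above, as an added example that is not part of the original message: snapshot the connection-tracking table before and after the restart and list any ESTABLISHED TCP flow that disappeared. It assumes the `conntrack -L` line format from conntrack-tools; the function names and the sample snapshots (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Real use on a test host (assumed procedure; needs root and conntrack-tools):
#   conntrack -L -p tcp > before.txt
#   service iptables restart
#   conntrack -L -p tcp > after.txt
#   lost_flows before.txt after.txt    # no output = no tracked flow was lost

# Print one "src:sport->dst:dport" line per ESTABLISHED TCP entry, taken from
# the first (original-direction) tuple of each `conntrack -L` line.
established_flows() {
    awk '/^tcp / && / ESTABLISHED / {
        src = ""; dst = ""; sport = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue
            if (kv[1] == "src" && src == "") src = kv[2]
            else if (kv[1] == "dst" && dst == "") dst = kv[2]
            else if (kv[1] == "sport" && sport == "") sport = kv[2]
            else if (kv[1] == "dport" && dport == "") dport = kv[2]
        }
        print src ":" sport "->" dst ":" dport
    }' "$1" | LC_ALL=C sort -u
}

# Print flows that were ESTABLISHED in snapshot $1 but are absent from $2.
lost_flows() {
    lf_b=$(mktemp) || return 2
    lf_a=$(mktemp) || { rm -f "$lf_b"; return 2; }
    established_flows "$1" > "$lf_b"
    established_flows "$2" > "$lf_a"
    LC_ALL=C comm -23 "$lf_b" "$lf_a"
    rm -f "$lf_b" "$lf_a"
}

# Constructed sample snapshots, not captured from a real host. The "after"
# sample deliberately omits one flow to show what a lost connection looks like.
sample_before() { cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40022 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=40022 [ASSURED] mark=0 use=1
tcp      6 431200 ESTABLISHED src=192.0.2.11 dst=192.0.2.1 sport=51515 dport=443 src=192.0.2.1 dst=192.0.2.11 sport=443 dport=51515 [ASSURED] mark=0 use=1
tcp      6 60 TIME_WAIT src=192.0.2.12 dst=192.0.2.1 sport=33333 dport=80 src=192.0.2.1 dst=192.0.2.12 sport=80 dport=33333 [ASSURED] mark=0 use=1
EOF
}
sample_after() { cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40022 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=40022 [ASSURED] mark=0 use=1
EOF
}
```

Flows that closed on their own between the two snapshots also show up as lost, so keep the interval short and hold a known long-lived session (for example an SSH login) open across the restart.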