# Modify FW rules on remote server with less fear

## thefsb

I have another Linux-neophyte question. FreeBSD has a nice script /usr/share/examples/ipfw/change_rules.sh that you can run instead of directly editing the firewall config script. The script invokes an editor. After you save the changes and run the new script, it will revert to the previous rules if you don't positively answer "Keep changes?" within 30 seconds.

It helps me with the jitters I sometimes get when I need to make a change to a server's FW via ssh.

Is there any such thing available for Linux? One specific to Gentoo's layout would be nice but maybe I could use something written for another distro.

----------

## Ant P.

```
# Snapshot the current rules to the init script's save file
/etc/init.d/iptables save

# Background timer: if it expires, the saved (old) rules are reloaded
(sleep 30 && /etc/init.d/iptables reload) &

[do change here]

# Change verified: kill the timer job (%1) so the reload never fires
kill %1
```

----------

## thefsb

Thanks, Ant P. I couldn't find documentation for /etc/init.d/iptables so I tried to understand what your recipe does from that init script. Could you confirm my guessing? The first line dumps the current rule set into /var/lib/iptables/rules-save.

The next line kicks off a 30s timer, and if that expires it runs "iptables reload" which flushes the FW and loads /var/lib/iptables/rules-save.

Next I would issue some command of my own design to load my new FW rules.

Then I would kill the timer so the "iptables reload" doesn't happen. I should probably either work in tmux or detach the background job on line 2 so that if the shell terminates when I load the rules, the timer/reload job doesn't. And take care that %1 does indeed refer to the timer/reload job.

OT on this thread, I know, but while I'm digging into init.d/iptables, is its action on detecting an incomprehensible SVCNAME value a safe choice?
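As an added example (not code from this thread), a POSIX sh version of Ant P.'s recipe that handles the two worries above: the timer runs under nohup so it survives the SSH session dying, and it is disarmed by its recorded PID rather than by job number. It drives iptables-save/iptables-restore directly instead of the Gentoo init script; the helper names, variable names and scratch paths are assumptions.

```shell
#!/bin/sh
# Dead-man's-switch firewall change: snapshot the rules, arm a detached
# revert timer, apply the new rules, and disarm only once the session still
# works. Tool names and paths below are assumptions, not from the thread.

: "${IPTABLES_SAVE:=iptables-save}"         # assumed: stock iptables tools
: "${IPTABLES_RESTORE:=iptables-restore}"
: "${FW_SNAPSHOT:=/var/tmp/fw-rules.before}"  # constructed scratch paths
: "${FW_TIMER_PID:=/var/tmp/fw-revert.pid}"

# Save the current rule set so the timer has something known-good to restore.
fw_snapshot() {
    "$IPTABLES_SAVE" > "$FW_SNAPSHOT"
}

# Arm the timer. nohup makes it ignore the SIGHUP a dropped SSH session
# sends, and its PID goes to a file so it can be disarmed from any shell
# (kill %1 only works in the shell that started the job).
fw_arm() {
    secs="${1:-30}"
    case $secs in ''|*[!0-9]*) echo "fw_arm: need integer seconds" >&2; return 2;; esac
    nohup sh -c "sleep $secs && exec '$IPTABLES_RESTORE' < '$FW_SNAPSHOT'" \
        >/dev/null 2>&1 &
    echo $! > "$FW_TIMER_PID"
}

# True while a revert is still pending.
fw_armed() {
    [ -s "$FW_TIMER_PID" ] && kill -0 "$(cat "$FW_TIMER_PID")" 2>/dev/null
}

# Disarm, i.e. keep the change. Run it only after confirming the box is
# still reachable (for example from a second SSH session).
fw_commit() {
    fw_armed || { rm -f "$FW_TIMER_PID"; return 1; }
    kill "$(cat "$FW_TIMER_PID")" 2>/dev/null || true
    rm -f "$FW_TIMER_PID"
}

# Load a new rule file (iptables-save format) with the revert timer armed:
#   fw_apply /root/new-rules 30; <test reachability>; fw_commit
fw_apply() {
    fw_snapshot && fw_arm "${2:-30}" && "$IPTABLES_RESTORE" < "$1"
}
```

Source the file in the session that makes the change; if the session is lost before fw_commit runs, the timer restores the snapshot on its own.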

----------

