iptables-apply - a safer way to update iptables remotely

see also : iptables-restore - iptables-save - iptables


iptables-apply [-hV] [-t timeout] ruleset-file

echo "iptables-apply /etc/network/iptables" > /etc/network/if-pre-up.d/iptables


iptables-apply will try to apply a new ruleset (as output by iptables-save and read by iptables-restore) to iptables, then prompt the user to confirm that the changes are okay. If the new ruleset cuts the existing connection, the user will not be able to answer affirmatively. In this case, the script rolls back to the previous ruleset after the timeout expires. The timeout can be set with -t.

When called as ip6tables-apply, the script will use ip6tables-save/-restore instead.
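
The apply, confirm and roll back sequence described above, as an added shell sketch (not the actual iptables-apply script and not code from this manual page). SAVE_CMD, RESTORE_CMD and CONFIRM_CMD are hypothetical variables introduced here so the logic can be tried against plain files instead of a live firewall.

```shell
# Added sketch of the apply / confirm / roll back pattern; NOT the real iptables-apply.
# SAVE_CMD, RESTORE_CMD and CONFIRM_CMD are hypothetical hooks (assumptions of
# this example) so the logic can run without touching a live firewall.
: "${SAVE_CMD:=iptables-save}"
: "${RESTORE_CMD:=iptables-restore}"
: "${CONFIRM_CMD:=confirm_tty}"

# Ask on the terminal and wait at most $1 seconds. Anything other than "y",
# including no answer because the session was cut, counts as "no".
confirm_tty() {
    printf 'Can you still reach this host? Keep the new rules? [y/N] ' >&2
    answer=
    # read -t needs bash; a failed or timed-out read is treated as "no".
    read -r -t "$1" answer 2>/dev/null || return 1
    [ "$answer" = y ]
}

# apply_with_rollback RULESET [TIMEOUT]
# Returns 0 if the new ruleset was kept, 1 if it was rolled back, 2 on error.
apply_with_rollback() {
    ruleset=$1
    timeout=${2:-10}
    [ -r "$ruleset" ] || { echo "cannot read $ruleset" >&2; return 2; }
    backup=$(mktemp) || return 2
    # Snapshot first: without a known-good copy there is nothing to roll back to.
    if ! $SAVE_CMD > "$backup"; then
        rm -f "$backup"
        return 2
    fi
    if $RESTORE_CMD < "$ruleset" && $CONFIRM_CMD "$timeout"; then
        rm -f "$backup"
        return 0
    fi
    # The apply failed, the answer was not "y", or the timeout expired.
    echo "reverting to previous ruleset" >&2
    if $RESTORE_CMD < "$backup"; then
        rm -f "$backup"
        return 1
    fi
    echo "rollback failed; previous ruleset kept in $backup" >&2
    return 2
}
```

Because a missing answer is handled the same way as "no", a ruleset that locks the operator out is reverted without any further input.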


-t seconds, --timeout seconds

Sets the timeout after which the script will roll back to the previous ruleset.

-h, --help

Display usage information.

-V, --version

Display version information.


iptables-apply is copyright by Martin F. Krafft.

This manual page was written by Martin F. Krafft <madduck[:at:]madduck[:dot:]net>

Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0.

see also

iptables-restore, iptables-save, iptables.

