Re: Iptables restore scheduled?
Posted: 28 Jan 2012, 04:34
That is clever indeed, even though probably not many people will have this type of NAT rule in place.
But there also appears to be a bit of an oversight here. As you found out, it does not take into account that there may be dynamic (unsaved) rules in place that get deleted this way. It would also rewrite rules that have a different target than the old eth0 address.
I think you could improve the script by adding some additional tests that verify that $new_* is in fact different from $old_* AND that DNAT rules do exist for the $old_ip_address. If none of this is true, there's no sense in reloading the firewall rules anyway. I'd suggest, if your provider has assigned a fixed IP, that you just delete this script (or remove the executable flag).
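Added illustration of the two guards proposed in the reply above (my own example, not the script from the thread): reload only when the old and new lease addresses differ and at least one DNAT rule actually targets the old address, and rewrite only those targets. It assumes the rule set is `iptables-save` text and that the addresses arrive as dhclient's `$old_ip_address` / `$new_ip_address` hook variables; every address and rule below is constructed.

```shell
#!/bin/sh
# Guard for a dhclient exit hook: decide whether a DNAT rewrite/reload is
# warranted, and rewrite only the targets that point at the old address.
# Assumed: rules are iptables-save text; addresses come from dhclient hook vars.

# Constructed iptables-save excerpt (stands in for the saved rules file).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 203.0.113.10:8080
-A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.20:22
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 203.0.113.10
COMMIT'

# count_dnat_for ADDR RULES: number of DNAT rules whose --to-destination is
# ADDR, optionally with :port. Dots are escaped and the match is anchored so
# 203.0.113.10 does not also count 203.0.113.100.
count_dnat_for() {
    addr_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '%s\n' "$2" | grep -c -E -- "-j DNAT --to-destination ${addr_re}(:[0-9]+)?( |$)" || true
}

# should_reload OLD NEW RULES: exit 0 only when both guards pass.
should_reload() {
    old=$1; new=$2; rules=$3
    # Guard 1: lease address unchanged (or missing) -> nothing to rewrite.
    [ -n "$old" ] && [ -n "$new" ] && [ "$old" != "$new" ] || return 1
    # Guard 2: no DNAT rule references the old address -> nothing to rewrite.
    [ "$(count_dnat_for "$old" "$rules")" -gt 0 ] || return 1
    return 0
}

# rewrite_dnat OLD NEW RULES: print RULES with only the DNAT targets that
# equal OLD changed to NEW; targets pointing at other hosts stay untouched.
rewrite_dnat() {
    old_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '%s\n' "$3" | sed -E "s/(-j DNAT --to-destination )${old_re}((:[0-9]+)?( |$))/\1$2\2/"
}

# Demo with constructed lease values (dhclient would supply these).
if should_reload "203.0.113.10" "198.51.100.7" "$SAMPLE_RULES"; then
    rewrite_dnat "203.0.113.10" "198.51.100.7" "$SAMPLE_RULES"
fi
```

In a real hook the rewritten text would be fed to `iptables-restore` only inside that `if`, so an unchanged lease or a rule set that never mentioned the old address leaves the live (possibly dynamic) rules alone.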