https://bugzilla.novell.com/show_bug.cgi?id=462482

User jengelh@medozas.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=462482#c4

--- Comment #4 from Jan Engelhardt <jengelh@medozas.de>  2009-01-07 15:55:33 MST ---
Simply augment iptables_add():

    function iptables_add()
    {
        iptables_add_as_above;
        echo "iptables $@" >>"$tmpdir2/fallback.sh";
    }

    function iptables_emit()
    {
        iptables_emit_as_above || . "$tmpdir2/fallback.sh";
    }

I think that, if there is a reason iptables-restore fails, then the manual commands will also fail at some point and leave the ruleset in a state which may lock out the user, at which point iptables-restore seems to be the better solution which does an atomic restore --- if this atomic restore fails, the previous ruleset will be used, which is either

1. empty chains all with policy of ACCEPT.
2. the minimal ruleset installed by SuSEfirewall2_init (the first stage thing)

How's that sound?
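
The fallback script in the comment above is written with echo and read back with `.`, so every recorded line is parsed by the shell a second time. The following is an added example, not code from the comment or from SuSEfirewall2: it records each rule with shell quoting so that the arguments survive that round trip. `shquote`, `iptables_record`, `iptables_record_naive`, `replay`, the stub `iptables` function and the sample rules are assumptions made for illustration; only `tmpdir2` and `fallback.sh` are names from the comment.

```shell
#!/bin/sh
# Added example, not SuSEfirewall2 code. tmpdir2 and fallback.sh are names from
# the comment; shquote, iptables_record*, replay and the stub are hypothetical.
tmpdir2=$(mktemp -d)

# Stub standing in for the real iptables binary so this runs unprivileged:
# logs the argument count and every argument, separated by '|'.
iptables() { { printf '%s|' "$#" "$@"; echo; } >>"$tmpdir2/seen.log"; }

# As in the comment: arguments are joined with spaces, quoting is lost.
iptables_record_naive() { echo "iptables $*" >>"$tmpdir2/naive.sh"; }

# Quote one word so the shell reads it back as exactly one word:
# wrap it in '...' and rewrite each embedded ' as '\''.
shquote() {
    printf "'%s' " "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Hardened recorder: one shell-quoted word per original argument.
iptables_record() {
    {
        printf 'iptables '
        for arg in "$@"; do shquote "$arg"; done
        echo
    } >>"$tmpdir2/fallback.sh"
}

# Source a recorded script and print what the stub saw.
replay() {
    : >"$tmpdir2/seen.log"
    . "$1"
    cat "$tmpdir2/seen.log"
}

# Constructed sample rules: a log prefix with spaces, a comment with ' and ;
iptables_record_naive -A INPUT -j LOG --log-prefix 'FW DROP: '
iptables_record       -A INPUT -j LOG --log-prefix 'FW DROP: '
iptables_record       -A INPUT -m comment --comment "it's ok; really" -j ACCEPT

replay "$tmpdir2/naive.sh"      # prefix split into two words, trailing space gone
replay "$tmpdir2/fallback.sh"   # every argument arrives intact
```

With the naive recorder the replayed rule differs from the one that was added, which is one more way the manual fallback can leave the ruleset in an unintended state.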