AFAIK, "service iptables restart" does not cut off current
connections. The stateful connections are kept by the conntrack
module, which I believe will not be cleared on a restart of iptables,
and "service iptables restart" also uses iptables-restore, which does
the changes atomically instead of one by one.
However, don't blindly follow what I'm saying here; this is all from
memory and I might be wrong. If you really need to know, verify it
in a test environment before you do it on the production one.

Yes, of course - thanks for all assistance.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
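
An added example (not part of the original thread) of the test-environment check suggested above: it compares two conntrack snapshots taken before and after the restart and lists the ESTABLISHED flows that disappeared. The function names, file names and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. On a TEST host, as root, capture the table around the restart:
#   cat /proc/net/nf_conntrack > before.txt   (/proc/net/ip_conntrack on older kernels)
#   service iptables restart
#   cat /proc/net/nf_conntrack > after.txt
#   lost_flows before.txt after.txt

# Print ESTABLISHED flows present in snapshot $1 but missing from snapshot $2.
lost_flows() {
    awk '
        # Key = first src/dst/sport/dport tokens (the original-direction tuple).
        function flow_key(    i, n, k) {
            n = 0; k = ""
            for (i = 1; i <= NF && n < 4; i++)
                if ($i ~ /^(src|dst|sport|dport)=/) { k = (n ? k " " : "") $i; n++ }
            return (n == 4) ? k : ""
        }
        !/ESTABLISHED/ { next }            # only established TCP entries
        { k = flow_key(); if (k == "") next }
        phase == "after" { delete before[k]; next }
        { before[k] = 1 }
        END { for (k in before) print k }
    ' "$1" phase=after "$2" | sort
}

# Constructed sample snapshots (documentation addresses), not real captures.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51514 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=51514 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431975 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=40022 dport=443 src=198.51.100.5 dst=192.0.2.11 sport=443 dport=40022 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 57 TIME_WAIT src=192.0.2.12 dst=198.51.100.5 sport=40100 dport=80 src=198.51.100.5 dst=192.0.2.12 sport=80 dport=40100 [ASSURED] mark=0 use=2
EOF
    cat > "$dir/after" <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51514 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=51514 [ASSURED] mark=0 use=2
EOF
    lost_flows "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo   # prints the one flow that did not survive in the sample data
```

Empty output on real snapshots means every established flow was still tracked after the restart; any line printed is a connection whose state was lost.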