From: Tapani Tarvainen
To: development@lists.ipfire.org
Subject: Re: Forcing all DNS traffic from the LAN to the firewall
Date: Sun, 15 Nov 2020 17:44:58 +0200
Message-ID: <20201115154458.GC727329@vesikko.tarvainen.info>

On Sun, Nov 15, 2020 at 02:50:09PM +0000, Michael Tremer (michael.tremer(a)ipfire.org) wrote:

> > deactivating these rules would need a complete reboot!? Or do I
> > overlook something?
>
> Yes, this would be true.

Why? After all iptables supports deleting (-D) or replacing (-R)
rules anywhere in any chain. Turning rules in a custom chain on or off
could be done with a single iptables command.

OK, I guess that'd require a non-trivial amount of coding in IPFire.

> Maybe we should in general move these things to not require a reboot?

I'd like that. BTW unbound also supports changes without total reload.

> I believe reloading the whole firewall is something we can support right now.

That would already be helpful.

-- 
Tapani Tarvainen
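
An added sketch of the custom-chain toggle described in the message above; it is not part of the original message and not IPFire's own code. The chain name DNS_FORCE and the LAN interface name green0 are assumptions.

```sh
#!/bin/sh
# Added example. Assumed names: chain DNS_FORCE, LAN interface green0.
# Run as root: source this file, call dns_force_setup once, then
# dns_force_on / dns_force_off whenever the setting changes.
CHAIN="${CHAIN:-DNS_FORCE}"
LAN_IF="${LAN_IF:-green0}"

# Build the custom chain: redirect LAN DNS (UDP and TCP port 53) to the
# resolver on the firewall itself. The chain has no effect until a jump
# to it exists in PREROUTING.
dns_force_setup() {
    iptables -t nat -N "$CHAIN" 2>/dev/null || iptables -t nat -F "$CHAIN"
    for proto in udp tcp; do
        iptables -t nat -A "$CHAIN" -i "$LAN_IF" -p "$proto" --dport 53 \
            -j REDIRECT --to-ports 53
    done
}

# Enable: insert the jump unless it is already present (-C checks for it).
dns_force_on() {
    iptables -t nat -C PREROUTING -j "$CHAIN" 2>/dev/null ||
        iptables -t nat -I PREROUTING -j "$CHAIN"
}

# Disable: delete every copy of the jump; the chain itself stays loaded.
dns_force_off() {
    while iptables -t nat -C PREROUTING -j "$CHAIN" 2>/dev/null; do
        iptables -t nat -D PREROUTING -j "$CHAIN"
    done
}
```

The nat table is consulted only for the first packet of a connection, so flows already tracked by conntrack keep their redirect after dns_force_off until those entries expire.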