[TUTORIAL] Update interfaces' iptables without downtime

[Keyinator]

Credits to @smartynov for his solution which I just edited minorly.

The following script lets you reload the network interface and defined iptables without a reboot.
I have added two commands which will clear all ip table rules for PRE- and POST-Routing before executing the reload thus effectively reloading these rules too instead of just appending specified rules to the old ones.

If you want to reload other types of iptables entries just replace the second or third line to your liking.

#!/bin/bash
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
/etc/init.d/networking restart

grep -FH bridge= /etc/pve/nodes/*/qemu-server/*.conf \
 | perl -nle 'print "fwpr$1p$2 master $3" if /\/(\d+).conf:net(\d+):.*?bridge=(vmbr\d+)/' \
 | xargs -l1 ip link set

 

[spirit]

if you want to reload network interfaces without reboot,

simply used ifupdown2 package, and do a "ifreload -a" (or use the proxmox gui "apply configuration" button in network section)

(this is the default of proxmox7)

 

[Keyinator]

if you want to reload network interfaces without reboot,

simply used ifupdown2 package, and do a "ifreload -a" (or use the proxmox gui "apply configuration" button in network section)

(this is the default of proxmox7)

Hey, I specified myself very poorly (I'll update the post). With a reload the old post-up rules will not be overwritten but appended. With the following code you can fully reload networking, while refreshing iptables and keeping bridges (i.e. vm connections)

 

[spirit]

Hey, I specified myself very poorly (I'll update the post). With a reload the old post-up rules will not be overwritten but appended. With the following code you can fully reload networking, while refreshing iptables and keeping bridges (i.e. vm connections)

mmm, interesting. I'll look at ifupdown2 code. Thanks fo the report.