[TUTORIAL] Update interfaces' iptables without downtime

Keyinator

New Member
Jan 29, 2022
15
0
1
20
Credits to @smartynov for his solution which I just edited minorly.

The following script lets you reload the network interface and defined iptables without a reboot.
I have added two commands which will clear all ip table rules for PRE- and POST-Routing before executing the reload thus effectively reloading these rules too instead of just appending specified rules to the old ones.

If you want to reload other types of iptables entries just replace the second or third line to your liking.
Code:
#!/bin/bash
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING
/etc/init.d/networking restart

grep -FH bridge= /etc/pve/nodes/*/qemu-server/*.conf \
 | perl -nle 'print "fwpr$1p$2 master $3" if /\/(\d+).conf:net(\d+):.*?bridge=(vmbr\d+)/' \
 | xargs -l1 ip link set
 
Last edited:

spirit

Famous Member
Apr 2, 2010
5,624
608
133
www.odiso.com
if you want to reload network interfaces without reboot,

simply used ifupdown2 package, and do a "ifreload -a" (or use the proxmox gui "apply configuration" button in network section)

(this is the default of proxmox7)
 
  • Like
Reactions: Keyinator

Keyinator

New Member
Jan 29, 2022
15
0
1
20
if you want to reload network interfaces without reboot,

simply used ifupdown2 package, and do a "ifreload -a" (or use the proxmox gui "apply configuration" button in network section)

(this is the default of proxmox7)
Hey, I specified myself very poorly (I'll update the post). With a reload the old post-up rules will not be overwritten but appended. With the following code you can fully reload networking, while refreshing iptables and keeping bridges (i.e. vm connections)
 

spirit

Famous Member
Apr 2, 2010
5,624
608
133
www.odiso.com
Hey, I specified myself very poorly (I'll update the post). With a reload the old post-up rules will not be overwritten but appended. With the following code you can fully reload networking, while refreshing iptables and keeping bridges (i.e. vm connections)
mmm, interesting. I'll look at ifupdown2 code. Thanks fo the report.
 
  • Like
Reactions: Keyinator

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!