mgaulton
commented
8 years ago I should note, that part of the reason for this is I have other update scripts that are denied or vice versa due to the xtables lock.
Open mgaulton opened 8 years ago
mgaulton
commented
8 years ago I should note, that part of the reason for this is I have other update scripts that are denied or vice versa due to the xtables lock.
mrash
commented
8 years ago Just confirming that you mean when fwsnort is building the ruleset into the kernel? I.e. instead of when fwsnort is translating emerging-all? Normally fwsnort builds an iptables-save file that should be fairly fast to instantiate which is why I'm asking.
mgaulton
commented
8 years ago Yes, you understood correctly. I did switch to the iptables-save method, but initially, i was concerned that it would clobber my fail2ban and custom rules coming from bash scripts. I've set it to run on boot with the iptables-save and so far, haven't noticed any glitches.
Using the emerging-all, it takes a long time and I'm not sure how far along it is to judge the duration.