I'm building a firewall rule generator and I need to apply all the iptables rules atomically. The only guaranteed way to do that is to use an iptables-restore file, which has its own syntax. The only guaranteed way to generate such a file is to run the iptables commands, dump them with iptables-save and restore them, which seems completely unacceptable for a live system.

Is there an easier way, such as software which will parse raw iptables rules and generate an iptables-restore file? I've found fwmacro, but it's not maintained and has its own syntax, such as:
-A 10stateful -mstate --state INVALID -j DROP
instead of
iptables -A stateful -mstate --state INVALID -j DROP
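As an added example (not part of the original post, and not fwmacro or any other existing tool), here is a small converter that takes plain `iptables ...` command lines and emits an iptables-restore file. iptables-restore reads the same rule options as the `iptables` binary, so only the table header (`*table`), the chain declarations (`:chain POLICY [0:0]`, `:chain - [0:0]` for user chains) and `COMMIT` need to be synthesised; everything after `-A`/`-I chain` is passed through unchanged. The function names, the sample ruleset and the choice to default unspecified builtin policies to `ACCEPT` (what iptables-save prints on a fresh host) are this example's own assumptions. Feed the output to `iptables-restore` (or `iptables-restore --test` first) to load it atomically.

```python
import shlex
import sys

# Builtin chains per table, in the order iptables-save prints them.
BUILTIN_CHAINS = {
    "raw": ("PREROUTING", "OUTPUT"),
    "mangle": ("PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"),
    "nat": ("PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"),
    "filter": ("INPUT", "FORWARD", "OUTPUT"),
}


def _quote(arg):
    """Re-quote an argument the way iptables-restore's tokenizer expects (double quotes, backslash escapes)."""
    if arg and not any(c.isspace() for c in arg) and '"' not in arg:
        return arg
    return '"' + arg.replace("\\", "\\\\").replace('"', '\\"') + '"'


def _split_table(args):
    """Pull -t/--table out of an argument list; default table is filter."""
    table, rest, i = "filter", [], 0
    while i < len(args):
        a = args[i]
        if a in ("-t", "--table"):
            table, i = args[i + 1], i + 2
        elif a.startswith("--table="):
            table, i = a.split("=", 1)[1], i + 1
        elif a.startswith("-t") and not a.startswith("--"):   # clustered form: -tnat
            table, i = a[2:], i + 1
        else:
            rest.append(a)
            i += 1
    return table, rest


def parse_commands(lines):
    """Parse iptables command lines into {table: {"policies": {}, "chains": [], "rules": []}}."""
    tables = {}
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        args = shlex.split(raw)
        if args and args[0] in ("iptables", "ip6tables"):
            args = args[1:]
        table, rest = _split_table(args)
        if table not in BUILTIN_CHAINS:
            raise ValueError(f"unknown table {table!r} in: {raw}")
        if not rest:
            raise ValueError(f"no operation in: {raw}")
        t = tables.setdefault(table, {"policies": {}, "chains": [], "rules": []})
        op = rest[0]
        if op in ("-N", "--new-chain"):
            if rest[1] not in t["chains"]:
                t["chains"].append(rest[1])
        elif op in ("-P", "--policy"):
            chain, policy = rest[1], rest[2]
            if chain not in BUILTIN_CHAINS[table]:
                raise ValueError(f"policy only applies to builtin chains: {raw}")
            if policy not in ("ACCEPT", "DROP"):
                raise ValueError(f"invalid policy {policy!r} in: {raw}")
            t["policies"][chain] = policy
        elif op in ("-A", "--append", "-I", "--insert"):
            chain = rest[1]
            if chain not in BUILTIN_CHAINS[table] and chain not in t["chains"]:
                raise ValueError(f"chain {chain!r} used before -N in: {raw}")
            t["rules"].append(" ".join(_quote(a) for a in rest))
        elif op in ("-F", "--flush", "-X", "--delete-chain"):
            continue   # iptables-restore (without --noflush) already flushes the table
        else:
            raise ValueError(f"unsupported operation {op!r} in: {raw}")
    return tables


def render_restore(tables):
    """Emit iptables-restore syntax: *table, chain declarations, rules, COMMIT."""
    out = []
    for table in BUILTIN_CHAINS:          # raw, mangle, nat, filter
        if table not in tables:
            continue
        t = tables[table]
        out.append(f"*{table}")
        for chain in BUILTIN_CHAINS[table]:
            # Assumption: builtin chains without an explicit -P default to ACCEPT.
            out.append(f":{chain} {t['policies'].get(chain, 'ACCEPT')} [0:0]")
        for chain in t["chains"]:
            out.append(f":{chain} - [0:0]")
        out.extend(t["rules"])
        out.append("COMMIT")
    return "\n".join(out) + "\n"


def commands_to_restore(text):
    return render_restore(parse_commands(text.splitlines()))


# Constructed sample ruleset for demonstration (not from the original post).
SAMPLE_COMMANDS = """\
iptables -P INPUT DROP
iptables -N stateful
iptables -A stateful -m state --state INVALID -j DROP
iptables -A stateful -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j stateful
iptables -A INPUT -p tcp --dport 22 -m comment --comment "ssh from anywhere" -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
"""

if __name__ == "__main__":
    src = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_COMMANDS
    sys.stdout.write(commands_to_restore(src))
```

Run it as `python3 gen.py < rules.txt | iptables-restore --test` to validate, then drop `--test` to load. Rules are emitted in the order given, so insert (`-I`) and append (`-A`) keep their relative ordering exactly as the original command sequence would have produced.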