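#!/bin/sh
# apply-new-iptables.sh
#
# Apply a new iptables ruleset with an automatic rollback. The current rules
# are saved to $OLD, the rules in $NEW are loaded, and a background timer
# restores $OLD after $ROLLBACK_DELAY seconds unless the operator cancels it.
# The timer is the safety net for a ruleset that cuts off your own access.
#
# Needs the privileges required by iptables-save / iptables-restore and write
# access to /root.

set -eu
umask 077   # newly created rule backup and PID file are owner-only

OLD=/root/iptables-old.rules
NEW=/root/iptables-new.rules
# The PID file lives next to the rule files instead of under /tmp: a fixed
# name in a world-writable directory lets another local user pre-create it
# (for example as a symlink) before this script writes to it.
PIDFILE=/root/iptables-rollback.pid
ROLLBACK_DELAY=60

if [ ! -r "$NEW" ]; then
  echo "error: new ruleset $NEW is missing or unreadable; nothing changed" >&2
  exit 1
fi

# Back up the current rules. Without a good backup the rollback timer would
# restore nothing useful, so stop before touching the live ruleset.
if ! iptables-save > "$OLD"; then
  echo "error: could not save current rules to $OLD; nothing changed" >&2
  exit 1
fi

# Apply the new rules. If loading fails, put the saved rules back right away
# instead of waiting for the timer.
if ! iptables-restore < "$NEW"; then
  echo "error: failed to apply $NEW; restoring previous rules" >&2
  iptables-restore < "$OLD" ||
    echo "error: rollback failed too; check the firewall state manually" >&2
  exit 1
fi

# Start the rollback timer: restore OLD after the delay if not canceled.
(
  # A dropped session is exactly when the rollback is needed, so the timer
  # ignores SIGHUP. It can still be canceled with a plain kill (SIGTERM).
  trap '' HUP
  # The PID file must be removed even if the restore fails.
  set +e
  sleep "$ROLLBACK_DELAY" && iptables-restore < "$OLD"
  # Once the timer has fired the PID is stale; remove the file so a later
  # "kill $(cat ...)" cannot hit an unrelated process that reused the PID.
  rm -f -- "$PIDFILE"
) &
ROLLBACK_PID=$!
echo "$ROLLBACK_PID" > "$PIDFILE"

echo "New rules applied. To keep them, run: kill $ROLLBACK_PID && rm $PIDFILE"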