For some reason iptables-save is not included in most firmwares. Reason? Someone commented out the source. I have compiled an iptables-save binary that, so far, seems to be compatible with all releases of Tomato I have tried it on. It was compiled from the V1.16 source. Code: # unzip iptables-save.zip Enable ssh on your router. # scp iptables-save router:/tmp router# /tmp/iptables-save -c Wooot! Todo: Figure out why, where and how various firmwares reload the firewall. Tomato, for example, creates an iptables-save format file when you modify it's QoS rules, in /tmp/etc/iptables, and uses iptables-restore to effect your changes. Presumably upon reconnection of any Wan link, the firewall is reset. Anybody know of anywhere else the firewall is reset? Why is this useful? You can do an Code: # iptables-save -c >/jffs/iptables in your shutdown script, or as a cron script, every few minutes; then you can do an Code: # iptables-restore -c </jffs/iptables to restore your counters in your init or wan_up scripts... Sure... there'll be some debugging pending our discovery of the firewall reset points... Anybody have any bullet-proof setups doing this, or better uses? Let us know!