Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#944 - firewall3 isn't holding iptables lock #5893

Open
openwrt-bot opened this issue Aug 1, 2017 · 1 comment
Open

FS#944 - firewall3 isn't holding iptables lock #5893

openwrt-bot opened this issue Aug 1, 2017 · 1 comment
Labels
flyspray packages

Comments

@openwrt-bot
Copy link

@openwrt-bot openwrt-bot commented Aug 1, 2017

charlemagnelasse:

I was first thinking that my missing iptables rules are related to the bug FS#943. But it looks like firewall3 is not holding the iptables lock via the option "-w". This is unsafe because multiple iptables process may try to change a table at the same time and thus overwrite the final results of another iptables process.

The -w functionality for iptables-restore can be found in https://git.netfilter.org/iptables/commit/?id=999eaa241212d3952ddff39a99d0d55a74e3639e

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Aug 1, 2017

jow-:

The current iptables release is not supporting -w for iptables-restore and the mentioned commit is not easily backportable.

Unless the current iptables release is not implementing -w properly, we cannot support this feature. Consider protecting your other racing code with a call to "lock /var/run/fw3.lock".

@aparcar aparcar added the packages label Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
flyspray packages
Projects
None yet
Development

No branches or pull requests

2 participants