Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#944 - firewall3 isn't holding iptables lock #5893

Open
openwrt-bot opened this issue Aug 1, 2017 · 1 comment
Open

FS#944 - firewall3 isn't holding iptables lock #5893

openwrt-bot opened this issue Aug 1, 2017 · 1 comment
Labels
core packages pull request/issue for core (in-tree) packages flyspray

Comments

@openwrt-bot
Copy link

charlemagnelasse:

I was first thinking that my missing iptables rules are related to the bug FS#943. But it looks like firewall3 is not holding the iptables lock via the option "-w". This is unsafe because multiple iptables process may try to change a table at the same time and thus overwrite the final results of another iptables process.

The -w functionality for iptables-restore can be found in https://git.netfilter.org/iptables/commit/?id=999eaa241212d3952ddff39a99d0d55a74e3639e

@openwrt-bot
Copy link
Author

jow-:

The current iptables release is not supporting -w for iptables-restore and the mentioned commit is not easily backportable.

Unless the current iptables release is not implementing -w properly, we cannot support this feature. Consider protecting your other racing code with a call to "lock /var/run/fw3.lock".

@aparcar aparcar added the core packages pull request/issue for core (in-tree) packages label Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
core packages pull request/issue for core (in-tree) packages flyspray
Projects
None yet
Development

No branches or pull requests

2 participants