OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Packages
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Charlemagne Lasse - 01.08.2017

FS#944 - firewall3 isn't holding iptables lock

I was first thinking that my missing iptables rules are related to the bug  FS#943 . But it looks like firewall3 is not holding the iptables lock via the option “-w”. This is unsafe because multiple iptables process may try to change a table at the same time and thus overwrite the final results of another iptables process.

The -w functionality for iptables-restore can be found in https://git.netfilter.org/iptables/commit/?id=999eaa241212d3952ddff39a99d0d55a74e3639e

Admin
Jo-Philipp Wich commented on 01.08.2017 12:43

The current iptables release is not supporting `-w` for iptables-restore and the mentioned commit is not easily backportable.

Unless the current iptables release is not implementing `-w` properly, we cannot support this feature. Consider protecting your other racing code with a call to "lock /var/run/fw3.lock".

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing