From: "Mike Frysinger"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger"
Message-ID: <1439544506.27a2f5aa3b111e62f52fcd3f66f763293f24871b.vapier@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-firewall/iptables/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-firewall/iptables/files/iptables.init
X-VCS-Directories: net-firewall/iptables/files/
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: 27a2f5aa3b111e62f52fcd3f66f763293f24871b
X-VCS-Branch: master
Date: Fri, 14 Aug 2015 09:28:34 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: d5d7d68d-63a4-4c40-b8a6-c551701498bf
X-Archives-Hash: 1bd717a2ba429d6457f43e3bad2fcfa2

commit:     27a2f5aa3b111e62f52fcd3f66f763293f24871b
Author:     Mike Frysinger gentoo org>
AuthorDate: Fri Aug 14 09:12:11 2015 +0000
Commit:     Mike Frysinger gentoo org>
CommitDate: Fri Aug 14 09:28:26 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27a2f5aa

net-firewall/iptables: init: use -w when running iptables #501710

Newer iptables versions have an internal lock to keep multiple instances from trampling on each other, but you have to use the -w flag. Normally this doesn't come up, but when you run iptables & ip6tables in parallel, things can get a bit racy wrt state (even though they're updating diff sets of chains).

 net-firewall/iptables/files/iptables.init | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init index 440e840..f396ea2 100755 --- a/net-firewall/iptables/files/iptables.init +++ b/net-firewall/iptables/files/iptables.init 
@@ -35,7 +35,7 @@ set_table_policy() { esac local chain for chain in ${chains} ; do - ${iptables_bin} -t ${table} -P ${chain} ${policy} + ${iptables_bin} -w -t ${table} -P ${chain} ${policy} done } @@ -73,8 +73,8 @@ stop() { for a in $(cat ${iptables_proc}) ; do set_table_policy $a ACCEPT - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w -F -t $a + ${iptables_bin} -w -X -t $a done eend $? } @@ -85,8 +85,8 @@ reload() { ebegin "Flushing firewall" local a for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w -F -t $a + ${iptables_bin} -w -X -t $a done eend $? @@ -121,8 +121,8 @@ panic() { local a ebegin "Dropping all packets" for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -F -t $a - ${iptables_bin} -X -t $a + ${iptables_bin} -w -F -t $a + ${iptables_bin} -w -X -t $a set_table_policy $a DROP done
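Review bot: in the set_table_policy() hunk (and the six other call sites) -w is passed unconditionally, while the commit message says only newer iptables versions have the lock flag; a binary that predates it will reject the option and every -P, -F and -X call will fail. Either probe once whether ${iptables_bin} accepts -w and keep the result in a single variable that all seven invocations use, or state the minimum iptables version this init script requires. A single variable also avoids repeating the flag by hand in each function.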
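Review bot: in the stop() and reload() hunks, eend $? after the loop only sees the exit status of the last command of the last iteration (the -X on the final table), so a failed -F, or a failure on an earlier table, is still reported as success. Accumulate the status inside the loop, for example a local ret that is set whenever one of the ${iptables_bin} calls returns non-zero, and pass that to eend so a partially flushed firewall is not announced as a clean stop or reload.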
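Review bot: in the panic() hunk the tables are flushed with -w -F and -w -X before set_table_policy $a DROP runs, and -w given without a timeout waits for the lock for as long as it takes. If another instance holds the lock after the flush, the table sits with no rules under whatever policy it had before until the wait ends, which is the opposite of what panic is meant to guarantee. Calling set_table_policy $a DROP first and flushing afterwards closes that window.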