On Thu, Nov 11, 2010 at 07:03:05PM +0100, Jan Kasprzak wrote:
> Eric Dumazet wrote:
> : > There probably can be some other iptables commands running
> : > occasionally (automatic blacklisting of some IP addresses, enabling
> : > traffic to authenticated laptops, etc.), but not in the chains I am
> : > trying to modify with my firewall initscript. Can this also be a problem?
> : Yes it is a problem. iptables manipulates the whole table, not a
> : subtree.
> So do you suggest I should implement some kind of user-space
> locking, or is the current approach of "retry after 1 sec when it fails"
> OK from the kernel point of view?

You might be better off using ipset for dynamic rules.

Best Regards,
Michał Mirosław
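
The ipset approach suggested above, sketched as an added example that is not part of the original message or of any poster's script: dynamic addresses live in a set that a single static iptables rule matches, so blacklist updates never rewrite the table and cannot race with the firewall initscript. The set name `blacklist`, the file path in the comments and the use of current ipset syntax (`hash:ip`) are assumptions.

```shell
#!/bin/sh
# Added example; the set name is an assumption, not taken from the thread.
SET=blacklist
TMP="${SET}-tmp"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input holds only digits and dots)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read one address per line on stdin and print an `ipset restore` batch.
# The batch fills a scratch set and swaps it into place, so the packet path
# never sees a half-built set and the iptables ruleset is left untouched.
gen_batch() {
    echo "create $SET hash:ip"
    echo "create $TMP hash:ip"
    echo "flush $TMP"
    while read -r addr rest || [ -n "$addr" ]; do
        case "$addr" in ""|"#"*) continue ;; esac
        if is_ipv4 "$addr"; then
            echo "add $TMP $addr"
        else
            echo "skipped invalid entry: $addr" >&2
        fi
    done
    echo "swap $TMP $SET"
    echo "destroy $TMP"
}

# One-time setup as root, from the firewall initscript:
#   gen_batch </dev/null | ipset -exist restore
#   iptables -A INPUT -m set --match-set "$SET" src -j DROP
# Every later update touches only the set (hypothetical file path):
#   gen_batch < /etc/firewall/blacklist.txt | ipset -exist restore

# Demo on constructed documentation addresses: print the batch, apply nothing.
printf '192.0.2.10\n198.51.100.7\n' | gen_batch
```

`-exist` makes the `create` lines and duplicate `add` lines no-ops when the set or entry is already present.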