On Thursday 11 November 2010 at 19:03 +0100, Jan Kasprzak wrote:
> Eric Dumazet wrote:
> : > There probably can be some other iptables commands running
> : > occasionally (automatic blacklisting of some IP addresses, enabling
> : > traffic to authenticated laptops, etc.), but not in the chains I am
> : > trying to modify with my firewall initscript. Can this also be a problem?
> :
> : Yes it is a problem. iptables manipulates the whole table, not a
> : subtree.
>
> So do you suggest I should implement some kind of user-space
> locking, or is the current approach of "retry after 1 sec when it fails"
> OK from the kernel point of view?

You could implement a user-space locking, if the additional delay of the
"retry after 1 sec" is bothering you ;)
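
The user-space locking suggested in the reply above, combined with the existing "retry after 1 sec" fallback, as an added example that is not part of the original thread. The lock file path, the timeout, the function names `with_fw_lock` and `fw_retry`, and the sample rule in the closing comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. LOCKFILE, LOCK_TIMEOUT and the
# function names are assumptions. Keep the lock file in a root-only
# directory so unprivileged users cannot hold the lock.
LOCKFILE="${LOCKFILE:-/run/fw-ruleset.lock}"
LOCK_TIMEOUT="${LOCK_TIMEOUT:-30}"   # seconds to wait for the lock

# with_fw_lock CMD [ARGS...]
# Hold an exclusive advisory lock (flock(1) from util-linux) while CMD runs,
# so two table rewrites never overlap. Returns CMD's exit status, or 75 if
# the lock could not be obtained within LOCK_TIMEOUT.
with_fw_lock() {
    (
        flock -x -w "$LOCK_TIMEOUT" 9 || exit 75
        "$@"
    ) 9>>"$LOCKFILE"
}

# fw_retry TRIES CMD [ARGS...]
# Run CMD under the lock; if it still fails (for example because another
# tool changed the table without taking the lock), retry after 1 second,
# up to TRIES attempts. Returns the last exit status.
fw_retry() {
    tries=$1; shift
    attempt=1
    while :; do
        with_fw_lock "$@" && return 0
        rc=$?
        [ "$attempt" -ge "$tries" ] && return "$rc"
        attempt=$((attempt + 1))
        sleep 1
    done
}

# Typical use in an initscript (needs root, so it is not run here; the
# chain name and address are constructed sample values):
#   fw_retry 5 iptables -A MYCHAIN -s 192.0.2.10 -j DROP
```

The lock is advisory: it only serialises writers that go through the wrapper, which is why the retry is kept for tools that call iptables directly.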