Hi Florian & Pablo, I noticed that lots iptables users are likely to miss the '-w' option while implementing multi-process program. Due to the fact that the iptables and ip6tables do not wait for the xtable_lock, people can easily mis-configure their iptables command because of concurrency issues. I'd like to propose a global config option to set the default wait interval and allow iptables to always wait for the lock. ie. " iptables --always-wait (ms) " if no value is specified, then use the default 1 second. I found it hard to see any users who may wish to run iptables command without lock. Does this proposal sound sane-ish ? Regards, Jack -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
