Re: iptables - resource temporary unavailable

On 06/08/2006 04:18 PM, robee wrote:
>> (Not that I know the solution, but..) Iptables is a userspace utility to
>> set up rules. Once the rule is set up, iptables itself terminates and
>> Netfilter (kernelspace) will use the rule.
>> Although you could add the same rule multiple times (which is a bit
>> useless..), AFAICS there's no way to have Netfilter "running" multiple
>> times.
>> But you do have a point: is the OP flushing all rules/deleting all
>> user-chains when he is restarting the firewall script?
>> Gr,
>> Rob
> 
> yes, the first rules are:
> 
> iptables -F
> iptables -F -t nat
> iptables -F -t mangle
> 
> but at the same time the firewall is restarting, there is also a pppoe server working.
> The if-up.local file contains iptables rules also, and it might be that iptables
> lines from the firewall and from the if-up.local script are running at the same time.

Yes, that is what I meant... the iptables userspace program has to use
a kernel interface to install the rules.  If another instance of the
iptables userspace program is currently installing some rules already,
then the kernel interface will be in use, and you'll get this error.
Or something like that; I haven't looked at the source code in detail.

I've never seen this error myself, but I use locking around all calls
to iptables.  You should be doing this anyway if you are using iptables
rather than iptables-restore, since your script's operation isn't
atomic if it calls iptables multiple times.
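
One way to do the locking described in the reply above, as an added example that is not part of the original message: a wrapper that both the firewall script and if-up.local source, so their rule changes cannot interleave. The names FW_LOCK, FW_LOCK_WAIT, with_fw_lock and flush_rules are hypothetical, and flock(1) from util-linux is assumed to be installed.

```shell
#!/bin/sh
# Added example: serialize every ruleset change behind one lock file.
# FW_LOCK, FW_LOCK_WAIT and the function names are hypothetical.
FW_LOCK="${FW_LOCK:-/var/lock/firewall.lock}"
FW_LOCK_WAIT="${FW_LOCK_WAIT:-30}"   # seconds to wait before giving up

# with_fw_lock CMD [ARGS...]
# Runs CMD while holding an exclusive flock(1) lock on $FW_LOCK.
# CMD may be a shell function, so a whole group of iptables calls can
# be applied as one unit. Returns CMD's exit status, or 75 if the lock
# could not be obtained within $FW_LOCK_WAIT seconds.
with_fw_lock() {
    (
        flock -x -w "$FW_LOCK_WAIT" 9 || exit 75
        "$@"
    ) 9>>"$FW_LOCK"
}

# The flush sequence quoted in the thread, grouped so that a concurrent
# if-up.local run cannot slip its own rules in between the three calls.
flush_rules() {
    iptables -F &&
    iptables -F -t nat &&
    iptables -F -t mangle
}

# Usage in both the firewall script and if-up.local:
#   with_fw_lock flush_rules
#   with_fw_lock iptables -A INPUT -i ppp0 -j ACCEPT   # constructed rule
```

A script that receives status 75 should log it and retry or fail loudly, since it means its rules were not applied.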

