Re: iptables - resource temporary unavailable

----- Original Message -----
From: "Philip Craig" <philipc@xxxxxxxxxxxx>
To: "robee" <mlody@xxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, June 08, 2006 9:39 AM
Subject: Re: iptables - resource temporary unavailable

On 06/08/2006 04:18 PM, robee wrote:
(Not that I know the solution, but..) Iptables is a userspace utility to
set up rules. Once the rule is set up, iptables itself terminates and
Netfilter (kernelspace) will use the rule.
Although you could add the same rule multiple times (which is a bit
useless..), AFAICS there's no way to have Netfilter "running" multiple
times.
But you do have a point: is the OP flushing all rules/deleting all
user-chains when he is restarting the firewall script ?
Gr,
Rob
yes, the first rules are:
iptables -F
iptables -F -t nat
iptables -F -t mangle
but at the same time the firewall is restarting, there is also a pppoe
server working. The if-up.local file also contains iptables rules, and it
might be that iptables lines from the firewall and from the if-up.local
script are running at the same time.
Yes, that is what I meant... the iptables userspace program has to use
a kernel interface to install the rules.  If another instance of the
iptables userspace program is currently installing some rules already,
then the kernel interface will be in use, and you'll get this error.
Or something like that; I haven't looked at the source code in detail.
I've never seen this error myself, but I use locking around all calls
to iptables.  You should be doing this anyway if you are using iptables
rather than iptables-restore, since your script's operation isn't
atomic if it calls iptables multiple times.

Could you tell me how you lock around calls to iptables?


robee-admin
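
One way to do the locking discussed in this thread, as an added example (not code from either poster or from the netfilter project): every iptables call goes through flock(1) from util-linux on a shared lock file, so the firewall script and if-up.local cannot overlap. The lock path, the timeout and the function names are assumptions.

```shell
#!/bin/sh
# Added example: serialize all iptables calls behind one lock file.
# FW_LOCK, FW_LOCK_TIMEOUT and the function names are assumptions,
# not taken from the thread.
FW_LOCK="${FW_LOCK:-/var/lock/firewall.lock}"
FW_LOCK_TIMEOUT="${FW_LOCK_TIMEOUT:-30}"
IPTABLES="${IPTABLES:-iptables}"

# Run a command or shell function while holding an exclusive lock.
# Returns 75 (EX_TEMPFAIL) if the lock is not obtained in time, so the
# caller can tell "rules not applied" apart from an iptables error.
with_fw_lock() {
    (
        flock -x -w "$FW_LOCK_TIMEOUT" 9 || exit 75
        "$@"
    ) 9>"$FW_LOCK"
}

# One-off rule, e.g. from if-up.local: lock held for a single call.
ipt() { with_fw_lock "$IPTABLES" "$@"; }

# Full reload: the lock is held across the whole sequence, so a
# concurrent ipt call cannot land between the flush and the new rules.
# Calls $IPTABLES directly: nesting with_fw_lock would wait on itself.
load_rules() {
    "$IPTABLES" -F &&
    "$IPTABLES" -F -t nat &&
    "$IPTABLES" -F -t mangle
    # ... the rest of the ruleset goes here ...
}

reload_firewall() { with_fw_lock load_rules; }
```

Both scripts must source the same definitions and use the same lock file. iptables releases newer than this thread also have a -w/--wait option that waits on a built-in lock for a single invocation.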

