authorMike Frysinger <vapier@gentoo.org>2015-08-14 05:12:11 -0400
committerMike Frysinger <vapier@gentoo.org>2015-08-14 05:28:26 -0400
commit27a2f5aa3b111e62f52fcd3f66f763293f24871b (patch)
treedeeb0be7d351e78ab899dcd7bed35213ed23cd10 /net-firewall
parentnet-firewall/iptables: add support for USE=pcap #512934 (diff)
net-firewall/iptables: init: use -w when running iptables #501710
Newer iptables versions have an internal lock to keep multiple instances from trampling on each other, but you have to use the -w flag. Normally this doesn't come up, but when you run iptables & ip6tables in parallel, things can get a bit racy wrt state (even though they're updating diff sets of chains).
Diffstat (limited to 'net-firewall')
-rwxr-xr-xnet-firewall/iptables/files/iptables.init14
1 files changed, 7 insertions, 7 deletions
diff --git a/net-firewall/iptables/files/iptables.init b/net-firewall/iptables/files/iptables.init
index 440e840c41a..f396ea2ef14 100755
--- a/net-firewall/iptables/files/iptables.init
+++ b/net-firewall/iptables/files/iptables.init
@@ -35,7 +35,7 @@ set_table_policy() {
esac
local chain
for chain in ${chains} ; do
- ${iptables_bin} -t ${table} -P ${chain} ${policy}
+ ${iptables_bin} -w -t ${table} -P ${chain} ${policy}
done
}
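Review bot: The bare `-w` added to the `-P` call here (and to the `-F`/`-X` calls in the stop(), reload() and panic() hunks) waits for the xtables lock with no timeout, so a stuck lock holder would hang the service action instead of failing it. That matters most for panic(), which an operator expects to finish promptly. If every iptables version this init script ships with accepts a timeout argument on `-w`, pass one. Otherwise add a comment above the call such as `# -w: block until the xtables lock is free; no timeout, may stall if another instance hangs` so the trade-off is recorded. set_table_policy() begins before this hunk.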
@@ -73,8 +73,8 @@ stop() {
for a in $(cat ${iptables_proc}) ; do
set_table_policy $a ACCEPT
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
done
eend $?
}
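Review bot: `eend $?` after the loop in stop() reports only the status of the last `-X` on the last table, so a failed `-F` or a failed `set_table_policy $a ACCEPT` on an earlier table is still shown as success. reload() has the same pattern in the next hunk, and the loop in set_table_policy() likewise returns only the status of its final `-P`, which is how a missed DROP policy in panic() would go unnoticed. Since operators rely on this result to know the firewall state, collect failures instead: declare `local ret=0`, append `|| ret=1` to each `${iptables_bin} -w ...` and `set_table_policy` call, and end with `eend ${ret}`. stop() begins before this hunk.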
@@ -85,8 +85,8 @@ reload() {
ebegin "Flushing firewall"
local a
for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
done
eend $?
@@ -121,8 +121,8 @@ panic() {
local a
ebegin "Dropping all packets"
for a in $(cat ${iptables_proc}) ; do
- ${iptables_bin} -F -t $a
- ${iptables_bin} -X -t $a
+ ${iptables_bin} -w -F -t $a
+ ${iptables_bin} -w -X -t $a
set_table_policy $a DROP
done