[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

How do packages that modify iptables rules prevent race conditions?


as I just learned on the mailing list, that at least the packages
fail2ban and miniupnpd [and most likely arno-iptables-firewall also]
modify iptables rules...

Is there a chance for race conditions? I.e. two packages trying to add
iptables rules at the same time and thereby failing to do so?

What is the proper mechanism to add iptables rules [for packages] to
avoid such race conditions?

Is using 'iptables --wait' sufficient or something else?


Reply to: