From: Philip Craig <philipc@snapgear.com>
To: robee <mlody@elpec.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: iptables - resource temporary unavailable
Date: Thu, 08 Jun 2006 17:39:14 +1000
Message-ID: <4487D422.7090707@snapgear.com>
In-Reply-To: <002601c68ac3$7188bbc0$0e01050a@robee>

On 06/08/2006 04:18 PM, robee wrote:
>> (Not that I know the solution, but..) Iptables is a userspace utility to
>> set up rules. Once the rule is set up, iptables itself terminates and
>> Netfilter (kernelspace) will use the rule.
>> Although you could add the same rule multiple times (which is a bit
>> useless..), AFAICS there's no way to have Netfilter "running" multiple
>> times.
>> But you do have a point: is the OP flushing all rules/deleting all
>> user-chains when he is restarting the firewall script ?
>> Gr,
>> Rob
> 
> yes, the first rules are:
> 
> iptables -F
> iptables -F -t nat
> iptables -F -t mangle
> 
> but at the same time the firewall is restarting, there is also a pppoe server working.
> The if-up.local file also contains iptables rules, and it might be that iptables
> lines from the firewall and from the if-up.local script are running at the same time.

Yes, that is what I meant... the iptables userspace program has to use
a kernel interface to install the rules.  If another instance of the
iptables userspace program is currently installing some rules already,
then the kernel interface will be in use, and you'll get this error.
Or something like that; I haven't looked at the source code in detail.

I've never seen this error myself, but I use locking around all calls
to iptables.  You should be doing this anyway if you are using iptables
rather than iptables-restore, since your script's operation isn't
atomic if it calls iptables multiple times.
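
Added example, not part of the original message: one way to put a lock around all iptables calls, as the reply above recommends, so that the firewall script and if-up.local cannot run iptables at the same time. The lock path and the names `with_fw_lock`, `fw_restart`, `FW_LOCK` and `IPTABLES` are assumptions; it uses flock(1) when present and falls back to an atomic mkdir lock otherwise.

```shell
#!/bin/sh
# Shared by the firewall script and if-up.local (source it from both).
# FW_LOCK and IPTABLES are assumed names; both can be overridden.
FW_LOCK="${FW_LOCK:-/var/lock/firewall.lock}"
IPTABLES="${IPTABLES:-iptables}"

# Run "$@" (a command or shell function) while holding the lock.
# Returns the exit status of "$@".
with_fw_lock() {
    if command -v flock >/dev/null 2>&1; then
        # fd 9 stays open for the subshell only; the kernel drops the
        # lock when the subshell exits, even if it is killed.
        (
            flock 9 || exit 1
            "$@"
        ) 9>"$FW_LOCK"
    else
        # Fallback: mkdir is atomic, so only one caller can create the
        # directory. A crashed holder leaves it behind (stale lock).
        until mkdir "$FW_LOCK.d" 2>/dev/null; do sleep 1; done
        rc=0
        ( "$@" ) || rc=$?
        rmdir "$FW_LOCK.d"
        return "$rc"
    fi
}

# The flush sequence from the thread, run as one locked unit so that
# rules added by if-up.local cannot land between two of these calls.
fw_restart() {
    "$IPTABLES" -F &&
    "$IPTABLES" -F -t nat &&
    "$IPTABLES" -F -t mangle
    # ... remaining rules of the firewall script go here
}

# Firewall script:   with_fw_lock fw_restart
# if-up.local:       with_fw_lock "$IPTABLES" <rule for the new ppp interface>
```

Taking the lock once around the whole rule set, rather than around each call, is what keeps the other script's rules from interleaving with a restart.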

