Patrick Schleizer writes:
> I.e. two packages trying to add iptables rules at the same time and
> thereby failing to do so?

They can't do that as each call to iptables locks the table being operated on. Without -w iptables exits when it can't get the lock. With -w it waits.

Pascal Hambourg writes:
> Yes, or mixing up their rules resulting in unpredictable results.

Yes, that could happen if the programs call iptables multiple times. Best that programs that manipulate the tables assemble their changes and install them all with a single call of iptables. Otherwise you could have short periods where an unintended ruleset is in effect (or the program could exit before it completes).

Of course, you still might get surprises if you run two such programs, but why would you do that?

If you have a program that bypasses iptables you're on your own.

-- 
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
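
Added example, not part of the original message: one way to assemble a table's changes first and install them with a single call that waits for the lock. It assumes iptables-restore as that single call (the message does not name a tool); the chain name SAMPLE-IN and the ports are constructed sample values.

```shell
#!/bin/sh
# Added example. Chain name and ports are constructed sample values.

# Print a complete filter-table fragment in iptables-save format.
# $1 = user-defined chain, remaining arguments = TCP ports to accept.
build_ruleset() {
    chain=$1; shift
    # Validate everything first so a bad argument yields no partial output.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] 2>/dev/null || {
            echo "port out of range: $port" >&2; return 1; }
    done
    printf '%s\n' '*filter' ":$chain - [0:0]"
    for port in "$@"; do
        printf '%s\n' "-A $chain -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' "-A $chain -j RETURN" 'COMMIT'
}

# Install a staged file with one call. --test parses the file without
# committing; -w waits for the xtables lock instead of exiting;
# --noflush leaves chains that the file does not name untouched.
apply_ruleset() {
    iptables-restore --test --noflush "$1" || return 1
    iptables-restore -w 5 --noflush "$1"
}

# Stage to a temporary file, apply only if assembly succeeded, clean up.
stage_and_apply() {
    staged=$(mktemp) || return 1
    rc=0
    build_ruleset "$@" > "$staged" && apply_ruleset "$staged" || rc=1
    rm -f "$staged"
    return "$rc"
}

# "--show" prints the staged text; "--apply" (needs root) commits it.
case "${1:-}" in
    --show)  build_ruleset SAMPLE-IN 22 443 ;;
    --apply) stage_and_apply SAMPLE-IN 22 443 ;;
esac
```

Because the rules reach the kernel only at COMMIT, a program that exits while assembling the file leaves the running ruleset as it was.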