[BlueOnyx:18510] Re: xtables lock
Michael Stauber
mstauber at blueonyx.it
Thu Oct 15 09:55:42 -05 2015
Hi Richard,
> On 5209R this is all I get from dfix.sh
>
> Another app is currently holding the xtables lock. Perhaps you want to
> use the -w option?
> Another app is currently holding the xtables lock. Perhaps you want to
> use the -w option?
I explained this recently in another message on the list: iptables on
CentOS7 now has a locking mechanism. This is supposed to make sure that
only one active process can modify the iptables rules.
So APF and Active Monitor for 5209R now use the new "-w" flag of
iptables when they add or check the iptables rules. This "-w" flag is
supposed to make a process wait until it can obtain the exclusive lock
on the iptables rules.
However: Eventually that process might time out without receiving the
exclusive lock. In which case you get an error message about it.
Dfix2 still needs a small change to also make use of the "-w" flag on
CentOS7. This will be added in the next release. The error message you
got can be ignored for now. It's nothing serious and just a nuisance.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list