git.ipfire.org Git - ipfire-2.x.git/commit
initscripts: Always wait for xtables lock when running iptables commands
author Peter Müller <peter.mueller@ipfire.org>
Sun, 28 Sep 2025 19:51:00 +0000 (19:51 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 30 Sep 2025 08:53:01 +0000 (08:53 +0000)
commit 3d20bc708dd24804d4da6ed311d5c04d91254a25
tree f4c481122c488232796069f8ec82fde442703dd9
parent 726d4078bb3798abd6bf793c553ab4598c0037fe

If not explicitly instructed to do so, iptables by default aborts with
an error message such as

> Can't lock /run/xtables.lock: Resource temporarily unavailable
> Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

if the Xtables lock is still set, i.e., another iptables operation is
currently in progress. This causes iptables commands not to be executed
at all if there are delays during the boot procedure, e.g. due to slow
PPPoE dial-up procedure or similar.

To ensure deterministic behavior, this patch modifies initscripts to
always execute iptables to wait for the Xtables lock to be removed, to
make sure iptables rules are installed properly (the "firewall"
initscript is doing so already).

Fixes: #13896 - OpenVPN RW port not opened in firewall after reboot
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/networking/red
src/initscripts/packages/tor
src/initscripts/system/dhcp
src/initscripts/system/openvpn-n2n
src/initscripts/system/openvpn-rw
src/initscripts/system/wireguard
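
The failure mode described in the commit message can be audited for in other scripts. The following check is an added example, not part of this commit or of IPFire's code: it lists iptables/ip6tables invocations in a shell script that pass neither `-w` nor `--wait`. The function names, the sample script and its chain names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IPFire code): flag iptables/ip6tables calls that would
# abort instead of waiting when another process holds /run/xtables.lock.

# Print "lineno:text" for every line of script $1 that invokes iptables or
# ip6tables without a wait option. This is a line-based heuristic: calls split
# over continuation lines or built from variables are not followed.
find_nowait_iptables() {
    grep -nE '(^|[[:space:];&|(/])ip6?tables([[:space:]]|$)' "$1" \
        | grep -vE '^[0-9]+:[[:space:]]*#' \
        | grep -vE '[[:space:]](-w[0-9]*|--wait(=[0-9]+)?)([[:space:]]|$)' \
        || true    # an empty result is not an error
}

# Constructed sample resembling an initscript; chain names are made up.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# iptables rules for the example service
iptables -A EXAMPLE_INPUT -p udp --dport 1194 -j ACCEPT
iptables --wait -A EXAMPLE_INPUT -p tcp --dport 1194 -j ACCEPT
/sbin/ip6tables -w 5 -F EXAMPLE_INPUT
ip6tables -F EXAMPLE_OUTPUT
iptables-restore < /tmp/example.rules
EOF
}

run_demo() {
    sample=$(mktemp)
    write_sample "$sample"
    find_nowait_iptables "$sample"
    rm -f "$sample"
}

run_demo
```

Run against a directory of initscripts, any output marks a rule that can be skipped silently when the lock is contended during boot.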