[pkg-netfilter-team] Bug#816087: iptables is racy by default when used in scripts
Pedretti Fabio
pedretti.fabio at gmail.com
Thu Oct 18 15:39:50 BST 2018
Control: fixed -1 1.8.0-1~exp1
Hi, this should be fixed with 1.8.0-1~exp1 when using the nf_tables backend.
From man xtables-nft:
DIFFERENCES TO LEGACY IPTABLES
Because the xtables-nft tools use the nf_tables kernel API, rule
additions and deletions are always atomic. Unlike iptables-legacy,
iptables-nft -A .. will NOT need to retrieve the current ruleset from
the kernel, change it, and re-load the altered ruleset. Instead,
iptables-nft will tell the kernel to add one rule. For this reason,
the iptables-legacy --wait option is a no-op in iptables-nft.
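The practical consequence for scripts, as an added example that is not part of the bug report or of the xtables-nft man page: on the legacy backend a concurrent iptables invocation (another admin script, fail2ban, a container runtime) can make a rule insertion fail with "Another app is currently holding the xtables lock", leaving the ruleset silently incomplete, so scripts should pass --wait there, while on the nf_tables backend each rule is applied atomically and the flag is a no-op. The helper below decides which case applies by parsing the output of `iptables -V`; it assumes that command prints a line of the form "iptables v1.8.2 (nf_tables)" or "iptables v1.8.2 (legacy)" (older versions print no backend suffix), and that iptables-legacy accepts --wait (added in 1.4.20). The version strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example for scripting around the iptables lock; not the project's code.
# Assumed formats of `iptables -V` output (constructed samples):
#   "iptables v1.8.2 (nf_tables)"   -> nft backend, rule adds are atomic
#   "iptables v1.8.2 (legacy)"      -> legacy backend, needs --wait
#   "iptables v1.6.1"               -> no suffix, pre-nft era, treat as legacy

# Classify the backend from a version line. Prints "nft", "legacy" or "unknown".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Print the extra argument(s) a script should prepend to every iptables call.
# legacy/unknown: --wait blocks on the xtables lock instead of failing open.
# nft: nothing is needed, the kernel applies each rule atomically.
iptables_lock_args() {
    case "$(iptables_backend "$1")" in
        nft)    echo "" ;;
        *)      echo "--wait" ;;
    esac
}

# Script-facing wrapper: use `ipt -A INPUT ...` instead of bare `iptables ...`.
# Any failure is reported and propagated so a caller running under `set -e`
# aborts rather than continuing with a partially applied ruleset.
ipt() {
    version="$(iptables -V 2>/dev/null || echo unknown)"
    # shellcheck disable=SC2046
    iptables $(iptables_lock_args "$version") "$@" \
        || { echo "iptables failed: $*" >&2; return 1; }
}
```

Only the classification functions run offline; `ipt` itself needs a host with iptables and the privileges to change the ruleset.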