
0003779: Firewall set scripts "iptables: Resource temporarily unavailable" - MantisBT Endian Bugtracker
Endian Issue Tracker













ID: 0003779
Project: Endian Firewall
Category: Firewall (iptables)
View Status: public
Date Submitted: 2011-05-19 16:15
Last Update: 2011-09-06 09:06
Reporter: thomas-endian
Assigned To: peter-endian
Priority: normal
Severity: major
Reproducibility: always
Status: confirmed
Resolution: open
Product Version: 2.4

Summary: 0003779: Firewall set scripts "iptables: Resource temporarily unavailable"

Description: The system has about 4200 VPN rules; if we run setvpnfw.py, the script needs about 60 sec for the reload (Macro X1). If we change other rules during this time, e.g. DNAT, we get an

iptables: Resource temporarily unavailable.

Result: The DNAT rules are not in the IPtables.

Same problem in rc.netwizard.reload / rc.firewall. The VPNfw impaired the IPTABLES_HOOK_DIR=/etc/firewall/hooks.
Result: Incorrect IPtables, e.g. setxtaccess
Tags: No tags attached.

-  Notes
(0006923)
lorenzo-endian (manager)
2011-07-08 10:44

Hi Ardit!

Maybe I am wrong, but you verified this even on other systems, right?

Can you confirm this?

Thanks in advance!

Lo
(0006951)
ardit-endian (developer)
2011-07-12 09:37

Hi,

I verified this on the system with Thomas, and to summarize the issue:

When too many VPN rules (3500 for example) are in there when the scripts are restarted (for example after a network configuration wizard), the script (obviously) takes way TOO much time to execute, resulting in "iptables: Resource temporarily unavailable". This is caused when another script tries to use the netfilter interface, which is already in use by the script.

In my opinion, yes, this is confirmed; the only thing is that the number of systems using 3000+ rules is fortunately not high.
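
The collision described in the report and notes above can be avoided by running every rule script through one shared lock and failing loudly when a retry budget is exhausted. This is an added example, not part of the original report and not Endian's code; `fw_run`, `FW_LOCK`, `FW_RETRIES`, `FW_DELAY` and the lock path are hypothetical names, and it assumes the util-linux `flock` tool is installed.

```shell
#!/bin/sh
# Added example, not Endian's code. fw_run, FW_LOCK, FW_RETRIES and FW_DELAY
# are hypothetical names chosen for this sketch.
FW_LOCK="${FW_LOCK:-/var/lock/fw-rules.lock}"  # one lock shared by all rule scripts
FW_RETRIES="${FW_RETRIES:-5}"                  # attempts before giving up
FW_DELAY="${FW_DELAY:-2}"                      # seconds between attempts

# fw_run CMD [ARGS...]     e.g.  fw_run setvpnfw.py
# Runs CMD while holding an exclusive flock on $FW_LOCK, so cooperating
# scripts queue up instead of using the netfilter interface at the same time.
# If CMD still reports "Resource temporarily unavailable" (a caller that does
# not take the lock is busy), retry a bounded number of times, then return
# non-zero so that missing rules are noticed instead of silently dropped.
fw_run() {
    _fw_try=1
    while :; do
        # fd 9 carries the lock; it is released when the subshell exits.
        if _fw_out=$( ( flock -x 9 || exit 99; "$@" ) 9>>"$FW_LOCK" 2>&1 ); then
            if [ -n "$_fw_out" ]; then printf '%s\n' "$_fw_out"; fi
            return 0
        else
            _fw_rc=$?
        fi
        case "$_fw_out" in
            *"Resource temporarily unavailable"*)
                if [ "$_fw_try" -lt "$FW_RETRIES" ]; then
                    _fw_try=$((_fw_try + 1))
                    sleep "$FW_DELAY"
                    continue
                fi ;;
        esac
        # Any other error, or retries exhausted: report and propagate.
        printf 'fw_run: "%s" failed (rc=%s) after %s attempt(s): %s\n' \
            "$*" "$_fw_rc" "$_fw_try" "$_fw_out" >&2
        return "$_fw_rc"
    done
}
```

The lock only helps if every script that touches the rule set goes through the same wrapper; the retry path covers callers that do not.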

- Issue History
Date Modified Username Field Change
2011-05-19 16:15 thomas-endian New Issue
2011-07-08 10:44 lorenzo-endian Note Added: 0006923
2011-07-08 10:44 lorenzo-endian Assigned To => ardit-endian
2011-07-08 10:44 lorenzo-endian Status new => feedback
2011-07-12 09:37 ardit-endian Note Added: 0006951
2011-09-06 09:06 lorenzo-endian Assigned To ardit-endian => peter-endian
2011-09-06 09:06 lorenzo-endian Status feedback => confirmed
