Menu
▾
▴
[Sshguard-users] xtables lock
|
From: James H. <jam...@gm...> - 2015-03-24 21:19:36
|
Recently I have seen many of these messages during a boot on my FedoraCore 21 box. "sshguard: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?" It seems libvirtd is execing "/usr/sbin/iptables" after it starts up. I have tweeked my sshguard.service file for systemd to have After=sshd.service After=syslog.target After=iptables.target After=ip6tables.target After=libvirtd.service After=firewalld.service But it doesn't look like that is enough. I suspect libvirtd has 'finished' starting up but has not completed the iptable changes it requires. What about adding "-w" to the iptables firwall commands? The downside is the command could block for a while. Should run_command() fork/exec and wait for a specific timeout before giving up on the command? Is blocking indefinitely acceptable, or is this all on deck for the libev rewrite? -- James Harris Software Engineer jam...@gm... |
