Thanks for the report. I read the ansible bug but this issue is actually
coming from the underlying iptables tool. Something on the system is
manipulating the firewall via iptables at the same time that the ufw
command is being run. As described, this would happen with any firewall
software. If only ufw is being used with ansible, perhaps ensure that
the ufw commands are not being run in parallel. The upstream bug
referenced docker, which will also manipulate the firewall with
iptables; perhaps ensure that ufw configuration is applied before docker
is started.
I'm going to mark this bug as Invalid for now. Feel free to provide more
information if you feel this is specific to ufw.
** Changed in: ufw (Ubuntu)
Status: Confirmed => Invalid
** Changed in: ufw (Ubuntu)
Status: Invalid => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1911637
Title:
Another app is currently holding the xtables lock
Status in ufw:
Triaged
Status in ufw package in Ubuntu:
Confirmed
Status in ufw package in Debian:
New
Bug description:
Version: ufw 0.36 (via Debian buster 0.36-1 deb-package)
I'm using ufw together with fail2ban, and often I get an error while
fail2ban is trying to ban an ip:
```
ERROR: initcaps
[Errno 2] Another app is currently holding the xtables lock. Perhaps you want
to use the -w option?
```
it seems that in utils.py, get_netfilter_capabilities(...) iptables is
called without "-w" flag to wait for the table lock
perhaps the checks should include this parameter to avoid leaving
temporary tables behind (and breaking fail2ban, but thats a different
story ...)?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1911637/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
