Another app is currently holding the xtables lock

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

Another app is currently holding the xtables lock

Postby dspaan » Fri Apr 24, 2020 8:24 am

When i use the vicibox 8/9 VB-firewall i keep getting this warning in /var/mail/root:

Another app is currently holding the xtables lock. Perhaps you want to use the -w option?


When i want to reload the OpenSUSE firewall after i have made any change i have to wait ages for it to reload.

I discovered that when i disable the --dynamic and --white parameters for the * * * * * /usr/local/bin/VB-firewall.pl --dynamic --white --flush --quiet cronjob the issue goes away.

So it has to do with the dynamic and white list features. Does anyone have a work-around for this?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Another app is currently holding the xtables lock

Postby Kumba » Fri Apr 24, 2020 3:59 pm

Not really sure why those would be holding it open. When you run VB-Firewall.pl manually, how long does it take to run?
Kumba
 
Posts: 939
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: Another app is currently holding the xtables lock

Postby williamconley » Fri Apr 24, 2020 4:13 pm

In the olden days we had issues with DNS that dramatically slowed the speed of such activities. Be sure your DNS is fast and working IF you are using any names. If you're not using any names, please feel free to ignore this message.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Another app is currently holding the xtables lock

Postby dspaan » Fri Apr 24, 2020 4:20 pm

We are using the DNS IP's from our datacenter provider, they are really fast.

When i run the script manually it takes about 9 seconds, i tried it 5 times:

/usr/local/bin/VB-firewall.pl --dynamic --white --flush

ViciBox Firewall white/dynamic/black list integration

Database Host : localhost
Database Name : asterisk
Database User : ****
Database Pass : ****
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whiteips
IPSet White List Nets : whitenets
RFC1918 White List : YES
Dynamic list : Enabled
IPSet Dynamic Age : 14
IPSet Dynamic List : dynamiclist
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 8 entires to process
Adding FLUSH for white list
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
White List had been loaded!

Generating Dynamic IP List rules...
Looking for valid web logins within the last 14 days
Adding FLUSH for dynamic lists
Writing IPSet rule file to /tmp//VB-DYNAMIC-tmp
Loading dynamic list IPSet rules into kernel
Dynamic List had been loaded!
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Another app is currently holding the xtables lock

Postby Kumba » Fri Apr 24, 2020 8:00 pm

Can you post the crontab entry you are using and the command you're trying to run after? I'll see if I can duplicate the issue.
Kumba
 
Posts: 939
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: Another app is currently holding the xtables lock

Postby dspaan » Sat Apr 25, 2020 7:28 am

This is what i have in crontab:

* * * * * /usr/local/bin/VB-firewall.pl --dynamic --white --flush --quiet


Example of a command:

firewall-cmd --permanent --zone=public --add-port=22/tcp
firewall-cmd --reload
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Another app is currently holding the xtables lock

Postby dspaan » Sat May 30, 2020 3:04 am

Did you get a chance to reproduce this?

Right now i have already had two servers where the SSL certificate failed to renew because we can't open the firewall ports because of the VB firewall cronjob holding the X tables lock.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Another app is currently holding the xtables lock

Postby dspaan » Sun Jan 16, 2022 6:40 pm

I forgot to post back on this old issue because at some point i contacted vicidial support and the fix was:

The VB-firewall.pl script needs to have the two instances of "iptables -L" changed to "iptables -L -w -n" to resolved the issue.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands


Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: No registered users and 61 guests