- Added a more robust firewall initialization loop. Thanks to Yaroslav Halchenko

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@235 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-01-22 11:10:29 +00:00 · 2006-01-22 11:10:29 +00:00 · d29648d4de
parent ad4280d506
commit d29648d4de
1 changed files with 19 additions and 1 deletions
--- a/fail2ban.py
+++ b/fail2ban.py
@ -423,7 +423,25 @@ def main():
 		else:
 			logSys.warn(ip + " is not a valid IP address")
 	
-	initializeFwRules()
+	# Startup loop -- necessary to avoid crash if it takes time for iptables
+	# to startup. To avoid introduction of new config options, reusing
+	# maxreinits and polltime.
+	reinits = 0
+	while True:
+		try:
+			initializeFwRules()
+			break
+		except ExternalError, e:
+			reinits += 1
+			logSys.warn(e)
+			if conf["maxreinits"] < 0 or (reinits < conf["maxreinits"]):
+				logSys.warn("#%d attempt to initialize the firewalls" % reinits)
+			else:
+				logSys.error("Exiting: Too many attempts to initialize the " +
+							 "firewall")
+				killApp()
+			time.sleep(conf["polltime"])
+
 	# try to reinit once if it fails immediately
 	lastReinitTime = time.time() - conf["reinittime"] - 1
 	reinits = 0