Open WangXiangUSTC opened 2 years ago
For iptables, the same version in different Linux distributions may have different parameters. For example, iptables 1.4.21 on RHEL contains -w, but it is not in SUSE.
Seems the effective code is here.
Based on the official ChangeLog of iptables, the -w flag has had an optional [seconds] argument since v1.6.0.
However, there is evidence that even in 1.4.21, some OSes, such as RHEL, already supported that [seconds] argument. So it's not straightforward to decide the command based on the version number.
Simply removing the time argument may cause the process to keep holding when the xtables lock is not available.
When executing a network partition attack, chaosd will run an iptables command like below:
But -w is not provided in iptables before v1.6, so it will fail to run in this situation.
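An added example (not chaosd's code and not written by anyone in this thread): because the version number does not reliably say whether -w or -w [seconds] is accepted, this Go program probes the installed binary instead and falls back from `-w <seconds>` to bare `-w` to no wait flag. The names `Runner`, `execRunner`, `WaitArgs` and the `-L -n` probe command are assumptions; the check relies on iptables(8) documenting exit status 2 for invalid command-line parameters.

```go
package main

import (
	"fmt"
	"os/exec"
)

// Runner runs iptables with args and returns its exit code (-1 if it could not start).
type Runner func(args ...string) int

// execRunner calls the real binary; listing rules normally requires root.
func execRunner(args ...string) int {
	err := exec.Command("iptables", args...).Run()
	if err == nil {
		return 0
	}
	if ee, ok := err.(*exec.ExitError); ok {
		return ee.ExitCode()
	}
	return -1
}

// probe is a read-only command used only to exercise option parsing (assumed choice).
var probe = []string{"-L", "-n"}

// WaitArgs returns the lock-wait arguments this iptables accepts, preferring a
// bounded wait. Exit status 2 means the parameters were rejected; any other
// status (including lock contention) means the option itself was parsed.
func WaitArgs(run Runner, seconds int) []string {
	candidates := [][]string{
		{"-w", fmt.Sprint(seconds)}, // -w with the optional [seconds] argument
		{"-w"},                      // -w only: waits without a bound
	}
	for _, c := range candidates {
		code := run(append(append([]string{}, c...), probe...)...)
		if code != 2 && code != -1 {
			return c
		}
	}
	return nil // no -w support detected; the caller must handle lock failures itself
}

func main() {
	fmt.Println("wait args:", WaitArgs(execRunner, 5))
}
```

When only bare `-w` is returned, the caller should bound the command with its own timeout, since that form can keep waiting on the xtables lock.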