Does iptables block on concurrent calls or is it necessary for the user to serialize use?

I have a 25-node (destined to be 100+) OpenWRT ad hoc L2 mesh network (batman-adv) with 4 gateway nodes. Every node has a 5 GHz and a 2.4 GHz wireless interface. The 2.4 GHz interface is for client access and the mesh operates on the 5 GHz interface.

All nodes are nearly identical (software configuration). The GWs provide Internet (Ethernet) access to the mesh, and two or three nodes have a LAN port (Ethernet) connected to a single server providing DHCP, SQL Server and HTTP services to the mesh. By configuration, there is no restriction on which nodes physically provide access to the Internet or to the DHCP/SQL/HTTP server.

Currently wireless clients reach the WAN ports of the GWs without restriction. The next phase of the project is to restrict access to the WAN interface based on account data hosted on the LAN server (i.e. account data in the database).

What I would like to do is remotely control the iptables of the GW nodes to control Internet access based on data from the server, but I am not sure what the best technique is to get iptables commands to the GWs. My first idea was to batch commands via SSH or stream commands to the SSH client. I could also write my own simple TCP/IP server. Likely there is an RPC model as well.

Is there a suggested technique given the above, or pros and cons I ought to consider? Thank you.

Gracy Layla

Either you use the iptables -w flag to wait for the global xtables lock to become free on concurrent invocations, or you factor out the dynamic bits (MACs, IPs, ifaces) of your ruleset into ipsets, which you can manage independently from the iptables rules at runtime.

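A worked example of the ipset approach from the reply above, added here as an illustration; it is not code from the thread or from OpenWrt itself. It assumes hypothetical names (client bridge br-lan, WAN interface eth0, set name wan_allow) and a "<mac> <state>" export from the account database, which is constructed inline. The one-time setup installs a single FORWARD rule with -w so it waits for the xtables lock; every runtime allow/deny afterwards only adds to or deletes from the set, so concurrent pushes from the server (for example over SSH) never rewrite rules or contend for the lock. Because the MACs originate in a database, they are validated before they reach a command line.

```shell
#!/bin/sh
# Added example, not code from the thread: gate WAN forwarding per client MAC
# through an ipset so runtime allow/deny changes driven by the account database
# never rewrite the iptables ruleset (and never contend for the xtables lock).
# Hypothetical names: client bridge br-lan, WAN interface eth0, set wan_allow.
# RUN=echo (the default) prints the commands; RUN= runs them as root on a GW.
RUN=${RUN-echo}
SET=wan_allow
LAN_IF=br-lan
WAN_IF=eth0
RULE="FORWARD -i $LAN_IF -o $WAN_IF -m set ! --match-set $SET src -j DROP"

# Account data from the database is untrusted input: only a plain
# colon-separated MAC may reach a command line.
valid_mac() {
    printf '%s' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# One-time setup, run with -w so it waits for the lock instead of failing if
# another iptables invocation (firewall reload, a second SSH session) holds it.
setup_gate() {
    $RUN ipset -exist create "$SET" hash:mac || return 1
    # -C makes the insert idempotent; in dry-run mode just print the insert.
    if [ -n "$RUN" ] || ! iptables -w -C $RULE 2>/dev/null; then
        $RUN iptables -w -I $RULE
    fi
}

# Runtime changes touch only the set: no iptables call, no lock needed.
allow_mac() {
    valid_mac "$1" || { echo "rejected MAC: $1" >&2; return 1; }
    $RUN ipset -exist add "$SET" "$1"
}

deny_mac() {
    valid_mac "$1" || { echo "rejected MAC: $1" >&2; return 1; }
    $RUN ipset -exist del "$SET" "$1"
}

# Apply one "<mac> <active|suspended>" line as the server might export it.
apply_account() {
    case "$2" in
        active)    allow_mac "$1" ;;
        suspended) deny_mac "$1" ;;
        *)         echo "unknown state for $1: $2" >&2; return 1 ;;
    esac
}

# Constructed sample export, including one malformed line to show rejection.
SAMPLE='00:11:22:33:44:55 active
66:77:88:99:aa:bb suspended
aa:bb;reboot active'

sync_sample() {
    printf '%s\n' "$SAMPLE" | while read -r mac state; do
        apply_account "$mac" "$state" || true
    done
}
```

Two caveats a practitioner would want: the ipset package must be installed on the GWs, and on OpenWrt a firewall reload can flush the FORWARD chain, so the setup step belongs in a hook that is re-run on reload (such as /etc/firewall.user on fw3-based releases) while the set contents survive untouched.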