ufw

Support iptables wait

Bug #1652163 reported by Christopher M Luciano on 2016-12-22
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ufw
Undecided
Unassigned

Bug Description

[This patch](https://www.spinics.net/lists/netfilter-devel/msg31867.html) references the addition of the -w flag that waits indefinitely for the xtables lock to be released. [Another patch](https://patchwork.ozlabs.org/patch/635676/) added the ability to add an interval to wait.
I would like to submit a patch to immplement the basics of adding the -w.

The iptables man page suggests that arguments are passed at the end of the command set. I was hoping to add logic to expect the wait command at the end of the argv list within and return wait = True when found. If wait = True, --wait would be appended to the cmd set around line 1154 in backend_iptables.py.

Open questions:
- Is there an ideal position for the wait string?
  - Trying to think ahead in case more iptables options are requested in the future
  - parser.py seems to want comments at the end in class UFWCommandRule
- Do patches that enable concurrent updates using ufw trump a -w patch?
  - Ex https://bugs.launchpad.net/debian/+source/ufw/+bug/1204579

Tags: dev Edit Tag help

Anyone have additional feedback on this?

Luke (lukepolo) wrote :

This would be a huge time saver, currently switched over to iptables while this fix is not in the current release

Christian (bolek2000) wrote :

I also would like to see that implemented...also to pass additional options to iptables via ufw would be great to circumvent similar problems when ufw is not up to date with newer iptables options.
I use the ufw Ansible module and at the moment I get an error if it happens, that a playbook runs on 2 hosts that delegate a firewall change in parallel to another host. I can only run the playbook against one host at a time.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers