Support iptables wait

Bug #1652163 reported by Christopher M Luciano on 2016-12-22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Jamie Strandboge

Bug Description

[This patch](https://www.spinics.net/lists/netfilter-devel/msg31867.html) references the addition of the -w flag that waits indefinitely for the xtables lock to be released. [Another patch](https://patchwork.ozlabs.org/patch/635676/) added the ability to add an interval to wait.
I would like to submit a patch to implement the basics of adding the -w.

The iptables man page suggests that arguments are passed at the end of the command set. I was hoping to add logic to expect the wait command at the end of the argv list within and return wait = True when found. If wait = True, --wait would be appended to the cmd set around line 1154 in backend_iptables.py.

Open questions:
- Is there an ideal position for the wait string?
  - Trying to think ahead in case more iptables options are requested in the future
  - parser.py seems to want comments at the end in class UFWCommandRule
- Do patches that enable concurrent updates using ufw trump a -w patch?
  - Ex https://bugs.launchpad.net/debian/+source/ufw/+bug/1204579

Tags: dev
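A sketch of the approach proposed in the bug description, as an added example that is neither ufw's code nor part of the original report: strip a trailing wait keyword from the argument list, then append `--wait` to the iptables command. The `wait` keyword, the function names and the sample rule are assumptions; the example also covers the case raised in the open questions, where a trailing comment could be mistaken for the keyword.

```python
import re

WAIT = "wait"        # assumed ufw keyword; the report does not name it
COMMENT = "comment"  # ufw keyword whose next argument is free text


def split_wait(argv):
    """Strip a trailing `wait` or `wait N`; return (args, wait, seconds)."""
    args = list(argv)

    def is_comment_text(i):
        # The argument right after `comment` is user text, never a keyword.
        # Simplification: a comment whose text is "comment" is not handled.
        return i >= 1 and args[i - 1] == COMMENT

    last = len(args) - 1
    if last >= 0 and args[last] == WAIT and not is_comment_text(last):
        return args[:-1], True, None
    if last >= 1 and args[last - 1] == WAIT and not is_comment_text(last - 1):
        # Digits only, so the value can never be parsed as another option.
        if not re.fullmatch(r"[0-9]{1,4}", args[last]):
            raise ValueError("wait expects whole seconds, got %r" % args[last])
        return args[:-2], True, int(args[last])
    return args, False, None


def build_iptables_cmd(exe, rule_args, wait=False, seconds=None):
    """Return an argv list (no shell) with --wait appended after the rule."""
    cmd = [exe] + list(rule_args)
    if wait:
        cmd.append("--wait")
        if seconds is not None:
            cmd.append(str(int(seconds)))
    return cmd


if __name__ == "__main__":
    # Constructed sample input, not taken from the bug report.
    rule = ["-A", "ufw-user-input", "-p", "tcp", "--dport", "22", "-j", "ACCEPT"]
    for argv in (["allow", "22/tcp", "wait"],
                 ["allow", "22/tcp", "comment", "wait"],
                 ["allow", "22/tcp", "comment", "ssh", "wait", "5"]):
        rest, wait, seconds = split_wait(argv)
        print(rest, build_iptables_cmd("iptables", rule, wait, seconds))
```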

Anyone have additional feedback on this?

Luke (lukepolo) wrote :

This would be a huge time saver. I have currently switched over to iptables while this fix is not in the current release.

Christian (bolek2000) wrote :

I would also like to see that implemented... Also, being able to pass additional options to iptables via ufw would be great, to circumvent similar problems when ufw is not up to date with newer iptables options.
I use the ufw Ansible module, and at the moment I get an error if a playbook runs on 2 hosts that delegate a firewall change in parallel to another host. I can only run the playbook against one host at a time.

Jamie Strandboge (jdstrand) wrote :

The upcoming ufw 0.36 is going to support concurrent updates, though not with iptables wait.

Changed in ufw:
status: New → Fix Committed
Changed in ufw:
importance: Undecided → Low
Jamie Strandboge (jdstrand) wrote :

This is fixed in the new 0.36 release.

Changed in ufw:
assignee: nobody → Jamie Strandboge (jdstrand)
status: Fix Committed → Fix Released

An upload of ufw to cosmic-proposed has been rejected from the upload queue for the following reason: "All bugs mentioned in the .changes file (so therefore also in the new debian/changelog entries) need to comply with SRU standards (test-case, regression potential). Please re-upload after filling out the required info or modify changelog to exclude irrelevant bug numbers.".
