diff --git a/SOURCES/iptables-config b/SOURCES/iptables-config
index d9f6c34..0237281 100644
--- a/SOURCES/iptables-config
+++ b/SOURCES/iptables-config
@@ -52,3 +52,15 @@ IPTABLES_STATUS_LINENUMBERS="yes"
 # Space separated list of sysctl items which are to be reloaded on start.
 # List items will be matched by fgrep.
 #IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"
+
+# Set wait option for iptables-restore calls in seconds
+# Default: 600
+# Set to 0 to deactivate the wait.
+#IPTABLES_RESTORE_WAIT=600
+
+# Set wait interval option for iptables-restore calls in microseconds
+# Default: 1000000
+# Set to 100000 to try to get the lock every 100000 microseconds, 10 times a
+# second.
+# Only usable with IPTABLES_RESTORE_WAIT > 0
+#IPTABLES_RESTORE_WAIT_INTERVAL=1000000
diff --git a/SOURCES/iptables.init b/SOURCES/iptables.init
index 8f3060e..80f6ccd 100755
--- a/SOURCES/iptables.init
+++ b/SOURCES/iptables.init
@@ -58,6 +58,8 @@ IPTABLES_STATUS_NUMERIC="yes"
 IPTABLES_STATUS_VERBOSE="no"
 IPTABLES_STATUS_LINENUMBERS="yes"
 IPTABLES_SYSCTL_LOAD_LIST=""
+IPTABLES_RESTORE_WAIT=600
+IPTABLES_RESTORE_WAIT_INTERVAL=1000000
 # Load firewall configuration.
 [ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
@@ -216,6 +218,12 @@ start() {
 OPT=
 [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
+ if [ $IPTABLES_RESTORE_WAIT -ne 0 ]; then
+ OPT="${OPT} --wait ${IPTABLES_RESTORE_WAIT}"
+ if [ $IPTABLES_RESTORE_WAIT_INTERVAL -lt 1000000 ]; then
+ OPT="${OPT} --wait-interval ${IPTABLES_RESTORE_WAIT_INTERVAL}"
+ fi
+ fi
 $IPTABLES-restore $OPT $IPTABLES_DATA
 if [ $? -eq 0 ]; then
@@ -383,6 +391,12 @@ reload() {
 OPT=
 [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
+ if [ $IPTABLES_RESTORE_WAIT -ne 0 ]; then
+ OPT="${OPT} --wait ${IPTABLES_RESTORE_WAIT}"
+ if [ $IPTABLES_RESTORE_WAIT_INTERVAL -lt 1000000 ]; then
+ OPT="${OPT} --wait-interval ${IPTABLES_RESTORE_WAIT_INTERVAL}"
+ fi
+ fi
 $IPTABLES-restore $OPT $IPTABLES_DATA
 if [ $? -eq 0 ]; then
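Review bot: The comment block for `IPTABLES_RESTORE_WAIT_INTERVAL` does not say that a value of 1000000 or more is never passed on. The init script in this same commit adds `--wait-interval` only when the value is `-lt 1000000`, so an admin who sets 2000000 sees no effect and no message. A line such as `# Values of 1000000 or more are ignored; --wait-interval is then not passed.` would document that. It would also help to state that both settings must be plain non-negative integers, because the script compares them numerically.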
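Review bot: `$IPTABLES_RESTORE_WAIT` and `$IPTABLES_RESTORE_WAIT_INTERVAL` are expanded unquoted inside `[ ... -ne 0 ]` and `[ ... -lt 1000000 ]` in start(), and the same block is repeated in reload(). If the sourced config leaves either one empty or non-numeric, `[` reports an error and the test is false, so `--wait` is dropped without notice. The restore then runs without waiting for the lock, which presumably means the rule set can fail to load while another process holds it. Normalising once, right after the config is sourced, would cover both call sites: `case "$IPTABLES_RESTORE_WAIT" in ''|*[!0-9]*) IPTABLES_RESTORE_WAIT=600 ;; esac`, and the same for the interval with its default of 1000000. Both function bodies continue outside the hunks.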
diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec
index 91c3aa2..91ba6e7 100644
--- a/SPECS/iptables.spec
+++ b/SPECS/iptables.spec
@@ -7,7 +7,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.4.21
-Release: 18%{?dist}
+Release: 18.0%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -37,6 +37,9 @@ Patch16: iptables-1.4.21-restore_wait_man.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 License: GPLv2
+# add in libtool for autogen
+BuildRequires: libtool
+
 # libnetfilter_conntrack is needed for xt_connlabel
 BuildRequires: libnetfilter_conntrack-devel >= 1.0.4
 # libnfnetlink-devel is requires for nfnl_osf
@@ -116,6 +119,9 @@ Currently only provides nfnl_osf with the pf.os database.
 %patch16 -p1 -b .restore_wait_man
 %build
+#regen config
+./autogen.sh
+
 CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
 %configure --enable-devel --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
@@ -267,6 +273,10 @@ done
 %changelog
+* Tue Aug 22 2017 Johnny Hughes 1.4.21-18.0
+- add fix from Red Hat bug #1477413
+- modify spec to use libtool to autogen configure
+
 * Mon Apr 24 2017 Thomas Woerner 1.4.21-18
 - Add support for --wait options to restore commands (RHBZ#1438597)
 - Do not set changed flag for rule check operations with module targets
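Review bot: Only `libtool` is declared for the new `./autogen.sh` step in %build. The script itself is not shown here, but autogen scripts normally call autoreconf, so autoconf and automake would reach the buildroot only as indirect dependencies of libtool. Declaring them keeps the toolchain inputs explicit and auditable: `BuildRequires: autoconf automake libtool`.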
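Review bot: The `#regen config` comment in %build does not say why the shipped configure is replaced, and the changelog entry gives only a bug number. Because configure is now generated inside the buildroot, the build output depends on the autotools versions installed there, which matters to anyone reproducing or auditing the package. A comment such as `# regenerate configure: <patch name> changes configure.ac/Makefile.am` would record the reason; the patch that requires it is not visible on this page.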