You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-w, --wait [seconds]
Wait for the xtables lock. To prevent multiple instances of the program from running concur‐
rently, an attempt will be made to obtain an exclusive lock at launch. By default, the pro‐
gram will exit if the lock cannot be obtained. This option will make the program wait
(indefinitely or for optional seconds) until the exclusive lock can be obtained.
-W, --wait-interval microseconds
Interval to wait per each iteration. When running latency sensitive applications, waiting
for the xtables lock for extended durations may not be acceptable. This option will make each
iteration take the amount of time specified. The default interval is 1 second. This option
only works with -w.
currently the firewall.bash template silently ignores iptables command that fail for any reason.
One such reason could be a competing iptables command run by another service (docker, wireguard, anything similar). While dependencies between services is none of the concern of this role, allowing to use the --wait [seconds] in each instantiation of the iptables binary may improve the end result of starting service (even though again, such problems should be solved differently).
I'll try to come up with a MR to see if this gathers interest.
The text was updated successfully, but these errors were encountered:
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read this blog post to see the reasons why I mark issues as stale.
Hello,
Thank you for all the work all those years.
from iptables
man
page:currently the
firewall.bash
template silently ignoresiptables
command that fail for any reason.One such reason could be a competing
iptables
command run by another service (docker, wireguard, anything similar). While dependencies between services is none of the concern of this role, allowing to use the--wait [seconds]
in each instantiation of theiptables
binary may improve the end result of starting service (even though again, such problems should be solved differently).I'll try to come up with a MR to see if this gathers interest.
The text was updated successfully, but these errors were encountered: