Add option to use "iptables -w" switch

cmd/root.go

@@ -17,6 +17,7 @@ type RootOptions struct {
 	OutboundPortsToIgnore []int
 	SimulateOnly          bool
 	NetNs                 string
+	UseWaitFlag           bool
 }
 
 func newRootOptions() *RootOptions {
@@ -29,6 +30,7 @@ func newRootOptions() *RootOptions {
 		OutboundPortsToIgnore: make([]int, 0),
 		SimulateOnly:          false,
 		NetNs:                 "",
+		UseWaitFlag:           false,
 	}
 }
 
@@ -58,6 +60,7 @@ func NewRootCmd() *cobra.Command {
 	cmd.PersistentFlags().IntSliceVar(&options.OutboundPortsToIgnore, "outbound-ports-to-ignore", options.OutboundPortsToIgnore, "Outbound ports to ignore and not redirect to proxy. This has higher precedence than any other parameters.")
 	cmd.PersistentFlags().BoolVar(&options.SimulateOnly, "simulate", options.SimulateOnly, "Don't execute any command, just print what would be executed")
 	cmd.PersistentFlags().StringVar(&options.NetNs, "netns", options.NetNs, "Optional network namespace in which to run the iptables commands")
+	cmd.PersistentFlags().BoolVarP(&options.UseWaitFlag, "use-wait-flag", "w", options.UseWaitFlag, "Appends the \"-w\" flag to the iptables commands")
 
 	return cmd
 }
@@ -81,6 +84,7 @@ func BuildFirewallConfiguration(options *RootOptions) (*iptables.FirewallConfigu
 		OutboundPortsToIgnore:  options.OutboundPortsToIgnore,
 		SimulateOnly:           options.SimulateOnly,
 		NetNs:                  options.NetNs,
+		UseWaitFlag:            options.UseWaitFlag,
 	}
 
 	if len(options.PortsToRedirect) > 0 {

cmd/root_test.go

@@ -21,6 +21,7 @@ func TestBuildFirewallConfiguration(t *testing.T) {
 			ProxyOutgoingPort:      expectedOutgoingProxyPort,
 			ProxyUID:               expectedProxyUserID,
 			SimulateOnly:           false,
+			UseWaitFlag:            false,
 		}
 
 		options := newRootOptions()
@@ -34,7 +35,7 @@ func TestBuildFirewallConfiguration(t *testing.T) {
 		}
 
 		if !reflect.DeepEqual(config, expectedConfig) {
-			t.Fatalf("Expected config [%v] but got [%v]", expectedConfig, config)
+			t.Fatalf("Expected config \n[%+v]\n but got \n[%+v]", expectedConfig, config)
 		}
 	})
 

iptables/iptables.go

@@ -40,6 +40,7 @@ type FirewallConfiguration struct {
 	ProxyUID               int
 	SimulateOnly           bool
 	NetNs                  string
+	UseWaitFlag            bool
 }
 
 //ConfigureFirewall configures a pod's internal iptables to redirect all desired traffic through the proxy, allowing for
@@ -161,6 +162,13 @@ func executeCommand(firewallConfiguration FirewallConfiguration, cmd *exec.Cmd)
 	originalCmd := strings.Trim(fmt.Sprintf("%v", cmd.Args), "[]")
 	log.Printf("> %s", originalCmd)
 
+	if firewallConfiguration.UseWaitFlag {
+		log.Print("Setting UseWaitFlag: iptables will wait for xtables to become available")
+		cmd.Args = append(cmd.Args, "-w")
+	}
+
+
+
 	if !firewallConfiguration.SimulateOnly {
 		// wrap up the cmd with nsenter if we were givin a netns
 		if len(firewallConfiguration.NetNs) > 0 {
@@ -174,6 +182,7 @@ func executeCommand(firewallConfiguration FirewallConfiguration, cmd *exec.Cmd)
 			log.Printf(">> nsenter %v", finalArgs)
 			cmd = exec.Command("nsenter", finalArgs...)
 		}
+
 		out, err := cmd.CombinedOutput()
 		log.Printf("< %s\n", string(out))
 		if err != nil {