ipXtables: fix iptables-restore wait option detection

iptables-restore doesn't return non-zero status if the option is not recognized, so we must check the output.
t-woerner · Jan 30, 2018 · 2e92938 · 2e92938
1 parent f837ab2
commit 2e92938
Showing 1 changed file with 8 additions and 7 deletions.
diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py
@@ -380,13 +380,14 @@ def _detect_restore_wait_option(self):
         temp_file.close()
 
         wait_option = ""
-        ret = runProg(self._restore_command, ["-w"], stdin=temp_file.name)  # proposed for iptables-1.6.2
-        if ret[0] == 0:
-            wait_option = "-w"  # wait for xtables lock
-            ret = runProg(self._restore_command, ["--wait=2"], stdin=temp_file.name)  # since iptables > 1.4.21
-            if ret[0] == 0:
-                wait_option = "--wait=2"  # wait max 2 seconds
-            log.debug2("%s: %s will be using %s option.", self.__class__, self._restore_command, wait_option)
+        for test_option in ["-w", "--wait=2"]:
+            ret = runProg(self._restore_command, [test_option], stdin=temp_file.name)
+            if ret[0] == 0 and "invalid option" not in ret[1] \
+                           and "unrecognized option" not in ret[1]:
+                wait_option = test_option
+                break
+
+        log.debug2("%s: %s will be using %s option.", self.__class__, self._restore_command, wait_option)
 
         os.unlink(temp_file.name)