Add --wait to iptables-restore (hestiacp#2100)

jaapmarcus · web-flow · commit 302cb1ed1518 · 2021-08-31T11:21:40.000+02:00
By default iptables exits with a failure with --wait=xxx xxx in seconds it wait for a max of xxx seconds before it returns an exit code. 

Adding a  waiting time for about 10 seconds does not affect any normal boot setup after lock has been obtained it will continue with the restore.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
 
 ### Bugfixes
 - Improve the hostname check to prevent invalid hostnames or the use of an ip address (RFC1178).
+- Add small wait for /usr/bin/iptables-restore [Forum](https://forum.hestiacp.com/t/clean-install-arm64-does-not-start-after-reboot-v-start-service-iptables/4395/7)
 
 ## [1.4.12] - Service release 
 
diff --git a/bin/v-stop-firewall b/bin/v-stop-firewall
@@ -76,6 +76,7 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
+    iptablesversion=$(iptables --version |  head -1 | awk  '{print $2}' | cut -f -2 -d .);
     sd_unit="/lib/systemd/system/hestia-iptables.service"
     if [ ! -e "$sd_unit" ]; then
         echo "[Unit]" >> $sd_unit
@@ -89,7 +90,11 @@ else
         echo "Type=oneshot" >> $sd_unit
         echo "RemainAfterExit=yes" >> $sd_unit
         echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset" >> $sd_unit
-        echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
+        if [ "$iptablesversion" = "v1.6" ]; then
+            echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
+        else 
+            echo "ExecStart=/sbin/iptables-restore --wait=10 /etc/iptables.rules" >> $sd_unit
+        fi
         echo "" >> $sd_unit
         echo "[Install]" >> $sd_unit
         echo "WantedBy=multi-user.target" >> $sd_unit
diff --git a/bin/v-update-firewall b/bin/v-update-firewall
@@ -185,6 +185,7 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
+    iptablesversion=$(iptables --version |  head -1 | awk  '{print $2}' | cut -f -2 -d .);
     sd_unit="/lib/systemd/system/hestia-iptables.service"
     if [ ! -e "$sd_unit" ]; then
         echo "[Unit]" >> $sd_unit
@@ -198,7 +199,11 @@ else
         echo "Type=oneshot" >> $sd_unit
         echo "RemainAfterExit=yes" >> $sd_unit
         echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset" >> $sd_unit
-        echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
+        if [ "$iptablesversion" = "v1.6" ]; then
+            echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
+        else 
+            echo "ExecStart=/sbin/iptables-restore --wait=10 /etc/iptables.rules" >> $sd_unit
+        fi
         echo "" >> $sd_unit
         echo "[Install]" >> $sd_unit
         echo "WantedBy=multi-user.target" >> $sd_unit
