diff options
authorDan Williams <>2017-04-10 12:35:18 -0500
committerPablo Neira Ayuso <>2017-04-14 01:05:44 +0200
commit65801d02a482befd2745c792d6596ec75d434934 (patch)
parent9cd3adbed2fd8cdb6366293f3799573b811be89b (diff)
iptables-restore.8: document -w/-W options
Fixes: 999eaa241212 ("iptables-restore: support acquiring the lock.") Signed-off-by: Dan Williams <> Signed-off-by: Pablo Neira Ayuso <>
1 files changed, 21 insertions, 4 deletions
diff --git a/iptables/ b/iptables/
index bba505d8..f751492d 100644
--- a/iptables/
+++ b/iptables/
@@ -23,11 +23,13 @@ iptables-restore \(em Restore IP Tables
ip6tables-restore \(em Restore IPv6 Tables
-\fBiptables\-restore\fP [\fB\-chntvV\fP] [\fB\-M\fP \fImodprobe\fP]
-[\fB\-T\fP \fIname\fP] [\fBfile\fP]
+\fBiptables\-restore\fP [\fB\-chntvV\fP] [\fB\-w\fP \fIsecs\fP]
+[\fB\-W\fP \fIusecs\fP] [\fB\-M\fP \fImodprobe\fP] [\fB\-T\fP \fIname\fP]
-\fBip6tables\-restore\fP [\fB\-chntvV\fP] [\fB\-M\fP \fImodprobe\fP]
-[\fB\-T\fP \fIname\fP] [\fBfile\fP]
+\fBip6tables\-restore\fP [\fB\-chntvV\fP] [\fB\-w\fP \fIsecs\fP]
+[\fB\-W\fP \fIusecs\fP] [\fB\-M\fP \fImodprobe\fP] [\fB\-T\fP \fIname\fP]
.B iptables-restore
@@ -56,6 +58,21 @@ Print additional debug info during ruleset processing.
\fB\-V\fP, \fB\-\-version\fP
Print the program version number.
+\fB\-w\fP, \fB\-\-wait\fP [\fIseconds\fP]
+Wait for the xtables lock.
+To prevent multiple instances of the program from running concurrently,
+an attempt will be made to obtain an exclusive lock at launch. By default,
+the program will exit if the lock cannot be obtained. This option will
+make the program wait (indefinitely or for optional \fIseconds\fP) until
+the exclusive lock can be obtained.
+\fB\-W\fP, \fB\-\-wait-interval\fP \fImicroseconds\fP
+Interval to wait per each iteration.
+When running latency sensitive applications, waiting for the xtables lock
+for extended durations may not be acceptable. This option will make each
+iteration take the amount of time specified. The default interval is
+1 second. This option only works with \fB\-w\fP.
\fB\-M\fP, \fB\-\-modprobe\fP \fImodprobe_program\fP
Specify the path to the modprobe program. By default, iptables-restore will
inspect /proc/sys/kernel/modprobe to determine the executable's path.